FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
smujeeb
Staff
Article Id 218926
Description

This article describes how to obtain debug output for TACACS+ authentication on a FortiAuthenticator appliance.

Scope

FortiAuthenticator.

Solution

In the FortiAuthenticator TACACS+ debugs, the configured realm is not shown; instead, the output refers to radiusRealm.

This can cause confusion about whether the realm configuration has been honoured during an authentication request.

 

smujeeb_0-1659071569704.jpeg


The above screenshot shows realmtest as the configured realm on the TACACS+ policy.

 

In the TACACS+ debugs, however, the realm is shown as radiusRealm.

 

smujeeb_1-1659071569730.jpeg

 

This result may raise concern about whether the correct realm has been matched by FortiAuthenticator's TACACS+ policy.

If the realm is explicitly specified in the user login, it can be verified in the TACACS+ Authentication debugs, along with the authentication method.

 

smujeeb_2-1659071569736.jpeg

 

To get more details, use the RADIUS Authentication debug in the debugs section.

 

smujeeb_3-1659071569752.jpeg

 

The above debug output shows that a realm was not specified and realm ID: 1 is used as default.
