Description
This article describes how to use FortiAuthenticator as a TACACS+ server for Juniper remote user authorization.
FortiAuthenticator can perform central authentication as a TACACS+ server by mapping remote users to the different user templates configured on Juniper switches.
These templates determine authorization.
Scope
Specific remote users on FortiAuthenticator should be able to authenticate and access the switch by matching the different user templates configured on the Juniper switch.
The full configuration on the Juniper switch side is not covered in this article. For more information, consult Juniper support and check the following guide:
Solution
Configuration Example.
On the Juniper switch, a user template called 'SU' has been configured. This template determines authorization.
FortiAuthenticator, acting as the TACACS+ server, must be configured to map authenticated users to the appropriate user template on the Juniper switch. In this example, the user template configured on the Juniper switch is 'SU'.
User template configuration on the Juniper device:
> set system login user SU class super-user
Specific remote users on FortiAuthenticator should be able to authenticate and access the switch by matching the 'SU' user template (super-user privileges).
Important considerations:
FortiAuthenticator Configuration:
1) Create TACACS+ Service
a) Go to TACACS+ Service -> Authorization and select Services at the top right.
Create a new service with:
b) Select the newly created service and select 'Add Attribute'.
Add the following:
2) Create a TACACS+ Authorization rule.
a) Go to TACACS+ Service -> Authorization and select Rules at the top right.
3) Add the authorization rule either to the remote user or to the user group.
a) Adding the TACACS+ authorization rule to a remote user in the User Management section:
b) Adding the TACACS+ authorization rule to a user group in the User Management section:
In the end, users will also need a TACACS+ policy specified as below:
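Once the service, rule and policy are in place, a packet capture of a login can confirm that the server returns the attribute mapping the user to the 'SU' template. The following is an added example, not part of the original article or of Fortinet or Juniper code: it de-obfuscates and parses a TACACS+ authorization REPLY as laid out in RFC 8907. The attribute name `local-user-name`, the shared secret and the sample packet are assumptions constructed for illustration; use the attribute and secret actually configured.

```python
import hashlib
import struct

STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL", 0x11: "ERROR", 0x21: "FOLLOW"}

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 obfuscation pad: MD5 blocks chained over session_id+key+version+seq_no."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def parse_author_reply(packet, key):
    """Return (status, {attribute: value}) for one TACACS+ authorization REPLY."""
    if len(packet) < 12:
        raise ValueError("truncated header")
    version, ptype, seq_no, flags = packet[:4]
    session_id, length = packet[4:8], struct.unpack("!I", packet[8:12])[0]
    body = packet[12:]
    if ptype != 0x02 or len(body) != length or length < 6:
        raise ValueError("not a complete authorization packet")
    if not flags & 0x01:  # UNENCRYPTED flag clear: body is XORed with the pad
        pad = pseudo_pad(session_id, key, version, seq_no, length)
        body = bytes(a ^ b for a, b in zip(body, pad))
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    offset = 6 + arg_cnt + msg_len + data_len
    if len(arg_lens) != arg_cnt or offset + sum(arg_lens) != length:
        raise ValueError("inconsistent lengths (wrong shared secret?)")
    attrs = {}
    for n in arg_lens:
        arg = body[offset:offset + n].decode("ascii")
        offset += n
        sep = min(i for i in (arg.find("="), arg.find("*")) if i >= 0)
        attrs[arg[:sep]] = arg[sep + 1:]
    return STATUS.get(status, hex(status)), attrs

def maps_to_template(packet, key, template, attr="local-user-name"):
    """True if the reply is a PASS and carries attr=template (attr name is an assumption)."""
    status, attrs = parse_author_reply(packet, key)
    return status.startswith("PASS") and attrs.get(attr) == template

# Constructed sample (not a real capture): PASS_ADD reply with one attribute.
KEY, SID = b"example-secret", b"\x12\x34\x56\x78"
_body = bytes([0x01, 1, 0, 0, 0, 0, 18]) + b"local-user-name=SU"
SAMPLE = (bytes([0xC0, 0x02, 2, 0x00]) + SID + struct.pack("!I", len(_body))
          + bytes(a ^ b for a, b in zip(_body, pseudo_pad(SID, KEY, 0xC0, 2, len(_body)))))

if __name__ == "__main__":
    print(parse_author_reply(SAMPLE, KEY), maps_to_template(SAMPLE, KEY, "SU"))
```

A FAIL status, or a PASS reply without the expected attribute, means the rule or policy is not matching the user and the switch will not apply the intended template.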
Other documentation related to TACACS+ and FortiAuthenticator: