Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
WANAccounts
New Contributor II

Created on ‎09-23-2024 02:07 PM Edited on ‎09-23-2024 02:11 PM

TACACS+ Not Reading User Group for Remote Users

Hi there,

I am currently using FortiAuthenticator as the TACACS+ sever for our enviornment. All of my admin users are imported via LDAP.

When I assign a TACACS Profile directly to the user, the user is able to successfully authenticate to devices. 
If I remove the TACACS profile and assign the TACACS profile to a User Group that contains the User, the TACACS debug logs shows successful Authentication, but Authorization fails because TACACS reports that the user is not in a group which has a TACACS profile.

If I do the same thing with a Local Group that contains Local Users, the inheritance of TACACS Profile works just fine.

Has anyone else experienced this issue?

FAC version = v6.4.7, build1054 (GA)

Labels:
355
0 Kudos
1 REPLY 1
jhussain_FTNT
Staff
Staff

Created on ‎09-25-2024 01:38 AM

Hi,

 

Please check the configuration as per the document below and let us know the status.

 

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-FortiAuthenticator-as-TACACS-serv...

 

Regards

Jamal Hussain

288
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.