CLI Reference

config user tacacs+

Use this command to configure the Terminal Access Controller Access-Control System Plus (TACACS+) authentication server.

Basic steps:

  1. Configure a connection to a TACACS+ server that can authenticate administrator or user logins.
  2. Select the TACACS+ server configuration when you add administrator users or user groups.

Before you begin:

  • You must know the IP address, port, authentication protocol, and shared secret used to access the TACACS+ server.
  • You must have read-write permission for system settings.

Syntax

config user tacacs+
  edit <name>
    set server <string>
    set secret <passwd>
    set auth-type {auto|ms_chap|chap|pap|ascii}
    set port <integer>
    set timeout <integer>
    set vdom <datasource>
  next
end

server

Enter the IP address or FQDN of the TACACS+ server.

secret

Shared secret string used when connecting to the TACACS+ server. The shared secret can be a maximum of 16 characters in length.

auth-type

Specify the authentication protocol used for the TACACS+ server:

  • auto — FortiADC tries all authentication protocols in order: MS-CHAP → CHAP → PAP → ASCII.
  • ms_chap — Microsoft version of CHAP (Challenge Handshake Authentication Protocol).
  • chap — Challenge Handshake Authentication Protocol (defined in RFC 1994).
  • pap — Password Authentication Protocol.
  • ascii — American Standard Code for Information Interchange.

The default option is auto.

port

Port number for the server. The commonly used port for TACACS+ is 49.

timeout

Specify the amount of time that FortiADC must wait for responses from the remote TACACS+ server before it times out the connection. Valid values are from 5 to 60 seconds. The default is 5 seconds.

vdom

Reserved for future use.
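
The following is an added example, not part of the Fortinet reference: a small Python check that parses a staged config user tacacs+ block and tests each entry against the limits documented above (16-character secret, the auth-type values, the 5 to 60 second timeout, and the auto default with its fallback order). The function names, entry names, addresses and secrets are constructed placeholders, and it assumes the block is a plain-text snippet prepared before being entered at the CLI.

```python
import re
AUTH_TYPES = {"auto", "ms_chap", "chap", "pap", "ascii"}  # values listed in the Syntax section
# Constructed sample, not taken from a real device; all names and values are placeholders.
SAMPLE = """\
config user tacacs+
  edit "tac-primary"
    set server 192.0.2.10
    set secret ExampleSecret123
    set auth-type chap
    set port 49
    set timeout 10
  next
  edit "tac-backup"
    set server tacacs.example.net
    set secret ThisSecretIsLongerThan16
    set auth-type mschap
    set timeout 90
  next
end
"""

def parse_entries(text):
    """Return {entry name: {option: value}} for each edit ... next block."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r'edit\s+"?([^"]+)"?', line):
            current = entries.setdefault(m.group(1), {})
        elif line == "next":
            current = None  # options outside an edit block are ignored
        elif current is not None and (m := re.fullmatch(r"set\s+(\S+)\s+(.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return entries

def lint(entry):
    """Check one parsed entry against the limits stated in this reference."""
    issues = []
    if "server" not in entry:
        issues.append("server: missing")
    if len(entry.get("secret", "")) > 16:
        issues.append("secret: longer than 16 characters")
    auth = entry.get("auth-type", "auto")  # auto is the documented default
    if auth not in AUTH_TYPES:
        issues.append(f"auth-type: unknown value {auth!r}")
    elif auth == "auto":
        issues.append("auth-type: auto falls back MS-CHAP, CHAP, PAP, ASCII")
    timeout = entry.get("timeout", "5")  # 5 seconds is the documented default
    if not timeout.isdigit() or not 5 <= int(timeout) <= 60:
        issues.append("timeout: outside 5-60 seconds")
    return issues
```

Calling lint(entry) for each value returned by parse_entries(SAMPLE) gives an empty list for tac-primary and three findings for tac-backup.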
