Before FortiAuthenticator can accept TACACS+ authentication requests from a client, the device must be registered on FortiAuthenticator, and it must be assigned to a policy. TACACS+ authorization can be specified by creating authorization rules that can be applied to users and user groups in FortiAuthenticator.
The TACACS+ service can be enabled or disabled on each FortiAuthenticator network interface individually. Before you configure the TACACS+ service for use, confirm that it is enabled on the desired FortiAuthenticator network interface(s).
TACACS+ logs are viewable from the debug logs page.
To view the logs, go to (
https://<FAC IP>/debug/), and select TACACS+ from the Service dropdown.
TACACS+ authentication on FortiAuthenticator does not currently support challenge/response, which means:
This section contains the following topics: