Tacacs plus authentication with Aruba clearpass manager

kb1 — Thu, 13 May 2021 03:42:54 GMT

Is there a proper documentation that shows how to configure tacacs plus? The SKS and examples I've found till now are a little vague, we are using Aruba clearpass manager and I'm trying it out on a test firewall first, I think I've got most of the configuration correct since when I try to login to my normal ad account on the firewall it loves into the read only mode, I have 2 modes defined under roles in user management, one is tacp-0 with 0 privileges and the other is tacp-15 with full privilege, now how do I control the login of my normal ad account so that it can use say tacp-15? Because looks like by default it uses the tacp-0 role.

Firewall is a 4800 series running R80.40

If you need me to post screenshots or configs I can do so.

Thank you.

Re: Tacacs plus authentication with Aruba clearpass manager

PhoneBoy — Mon, 17 May 2021 04:18:58 GMT

It looks like after login, you can use the Gaia Clish command 'tacacs_enable TACP-15' to gain full privileges.
Not sure you can make a user TACP-15 by default.
This is per: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101573&partition=Advanced&product=Quantum

topic Re: Tacacs plus authentication with Aruba clearpass manager in General Topics

Tacacs plus authentication with Aruba clearpass manager

Re: Tacacs plus authentication with Aruba clearpass manager