This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
nagaraja_cs
Contributor
‎2020-07-28 12:08 AM

Local authentication shouldn't work when TACACS authentication is configured

Jump to solution

Hi Team,

 

We have configured TACACS authentication for Firewall.

User are able to authenticate from TACACS server.

But local user authentication shouldn't work when TACACS is working.

Local authentication should work only when TACACS server is not working.

Is there any priority to set TACACS as high priority ?

0 Kudos
Reply
1 Solution

Accepted Solutions
G_W_Albrecht
Champion
Champion
‎2020-08-03 02:32 AM
In response to nagaraja_cs

Jump to solution

First priority always is Local Authentication, see sk111572.

View solution in original post

0 Kudos
Reply
5 Replies
nagaraja_cs
Contributor
‎2020-08-02 11:42 PM

Jump to solution

Hi Team,

Is there any solution for this ?

0 Kudos
Reply
G_W_Albrecht
Champion
Champion
‎2020-08-03 02:05 AM

Jump to solution

Afaik local user auth always is enabled as a fallback. See sk111572 Authentication on Gaia OS from console with local user fails (times out) while two RADIUS servers are configured:

Code was improved: Local authentication will have priority over RADIUS authentication.

0 Kudos
Reply
nagaraja_cs
Contributor
‎2020-08-03 02:17 AM
In response to G_W_Albrecht

Jump to solution

Hi Albrecht,

Thank you for the information.

Here local authentication shouldn't work when TACACS authentication is active.Local authentication should work only if the TACACS auth fails.

Is there any priority setting ?

First  Priority --- > TACACS Aunthentication.

Second Priority ---> Local Authentication.

0 Kudos
Reply
G_W_Albrecht
Champion
Champion
‎2020-08-03 02:32 AM
In response to nagaraja_cs

Jump to solution

First priority always is Local Authentication, see sk111572.

View solution in original post

0 Kudos
Reply
John_Fleming
Advisor
‎2020-08-03 10:43 AM

Jump to solution

sk105320 - How to disable local authentication when RADIUS authentication is available

This is for radius but might be very close for tacacs. Would need to play around with it to see. Its all PAM under the hood so my guess is it should work.

0 Kudos
Reply