Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Contributor

Local authentication shouldn't work when TACACS authentication is configured

Jump to solution

Hi Team,

 

We have configured TACACS authentication for Firewall.

User are able to authenticate from TACACS server.

But local user authentication shouldn't work when TACACS is working.

Local authentication should work only when TACACS server is not working.

Is there any priority to set TACACS as high priority ?

0 Kudos
Reply
1 Solution

Accepted Solutions
Champion
Champion

First priority always is Local Authentication, see sk111572.

View solution in original post

0 Kudos
Reply
5 Replies
Contributor

Hi Team,

Is there any solution for this ?

0 Kudos
Reply
Champion
Champion

Afaik local user auth always is enabled as a fallback. See sk111572 Authentication on Gaia OS from console with local user fails (times out) while two RADIUS servers are configured:

Code was improved: Local authentication will have priority over RADIUS authentication.

0 Kudos
Reply
Contributor

Hi Albrecht,

Thank you for the information.

Here local authentication shouldn't work when TACACS authentication is active.Local authentication should work only if the TACACS auth fails.

Is there any priority setting ?

First  Priority --- > TACACS Aunthentication.

Second Priority ---> Local Authentication.

0 Kudos
Reply
Champion
Champion

First priority always is Local Authentication, see sk111572.

View solution in original post

0 Kudos
Reply
Advisor

sk105320 - How to disable local authentication when RADIUS authentication is available

This is for radius but might be very close for tacacs. Would need to play around with it to see. Its all PAM under the hood so my guess is it should work.

0 Kudos
Reply