Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nagaraja_cs
Contributor

Local authentication shouldn't work when TACACS authentication is configured

Jump to solution

Hi Team,

 

We have configured TACACS authentication for Firewall.

User are able to authenticate from TACACS server.

But local user authentication shouldn't work when TACACS is working.

Local authentication should work only when TACACS server is not working.

Is there any priority to set TACACS as high priority ?

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend

First priority always is Local Authentication, see sk111572.

View solution in original post

0 Kudos
5 Replies
nagaraja_cs
Contributor

Hi Team,

Is there any solution for this ?

0 Kudos
G_W_Albrecht
Legend
Legend

Afaik local user auth always is enabled as a fallback. See sk111572 Authentication on Gaia OS from console with local user fails (times out) while two RADIUS servers are configured:

Code was improved: Local authentication will have priority over RADIUS authentication.

0 Kudos
nagaraja_cs
Contributor

Hi Albrecht,

Thank you for the information.

Here local authentication shouldn't work when TACACS authentication is active.Local authentication should work only if the TACACS auth fails.

Is there any priority setting ?

First  Priority --- > TACACS Aunthentication.

Second Priority ---> Local Authentication.

0 Kudos
G_W_Albrecht
Legend
Legend

First priority always is Local Authentication, see sk111572.

View solution in original post

0 Kudos
John_Fleming
Advisor

sk105320 - How to disable local authentication when RADIUS authentication is available

This is for radius but might be very close for tacacs. Would need to play around with it to see. Its all PAM under the hood so my guess is it should work.

0 Kudos