CLI Reference

user tacacs+ user

Use this command to configure TACACS+ queries that can be used for authentication of administrators’ access to the web UI or CLI.

To authenticate an administrator, the FortiWeb appliance sends the administrator’s credentials to the TACACS+ server. If the TACACS+ server replies to the query with a signal of successful authentication, the client is successfully authenticated with the FortiWeb appliance. If TACACS+ authentication fails or the query returns a negative result, the appliance refuses the connection.

To use this command, your administrator account’s access control profile must have either w or rw permission to the authusergrp area. For details, see "Permissions" on page 1.

Syntax

config user tacacs+-user
  edit "<tacacs+-user_name>"
    set server {radius_ipv4 | domain name}
    set secret "<password_str>"
    set auth-type {auto | ms_chap | chap | pap | ascii}
  next
end

Variable: "<tacacs+-user_name>"
Description: Enter a unique name that can be referenced in other parts of the configuration. The maximum length is 63 characters.
Default: No default.

Variable: server {radius_ipv4 | domain name}
Description: Enter the IP address or domain name of the TACACS+ server.
Default: No default.

Variable: secret "<password_str>"
Description: Enter the secret key for the TACACS+ server.
Default: No default.

Variable: auth-type {auto | ms_chap | chap | pap | ascii}
Description: Select Auto to automatically assign an authentication type or select Specify to specify a type among MSCHAP, CHAP, PAP, and ASCII.
Default: Auto
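The following is an added example, not Fortinet's code: a Python check that parses a config user tacacs+-user block laid out as in the syntax above and flags entries that break the constraints documented on this page. The sample config, the entry names, the function names and the policy of flagging pap and ascii are assumptions made for this example.

```python
import shlex
ALLOWED_AUTH = {"auto", "ms_chap", "chap", "pap", "ascii"}  # values from the syntax
MAX_NAME_LEN = 63                                           # limit from the table
PASSWORD_BEARING = {"pap", "ascii"}  # assumed policy: these carry the password itself (RFC 8907)

SAMPLE = """config user tacacs+-user
  edit "tac-admins"
    set server 192.0.2.10
    set secret "constructed-secret"
    set auth-type chap
  next
  edit "tac-legacy"
    set server tacacs.example.com
    set auth-type pap
  next
end
"""  # constructed sample, not from a real appliance

def parse_entries(text):
    """Return {entry_name: {setting: value}} for the tacacs+-user table."""
    entries, current, inside = {}, None, False
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if tok[:3] == ["config", "user", "tacacs+-user"]:
            inside = True
        elif not inside or not tok:
            continue
        elif tok[0] == "edit" and len(tok) == 2:
            current = entries.setdefault(tok[1], {})
        elif tok[0] == "set" and len(tok) >= 3 and current is not None:
            current[tok[1]] = " ".join(tok[2:])
        elif tok[0] == "next":
            current = None
        elif tok[0] == "end":
            inside = False
    return entries

def lint(entries):
    findings = []  # list of (entry_name, problem) tuples
    for name, cfg in entries.items():
        if len(name) > MAX_NAME_LEN:
            findings.append((name, "name longer than 63 characters"))
        findings += [(name, f"{k} not set (no default)") for k in ("server", "secret") if not cfg.get(k)]
        auth = cfg.get("auth-type", "auto")  # documented default is Auto
        if auth not in ALLOWED_AUTH:
            findings.append((name, f"unknown auth-type {auth!r}"))
        elif auth in PASSWORD_BEARING:
            findings.append((name, f"auth-type {auth} sends the password itself"))
    return findings
```

Calling lint(parse_entries(SAMPLE)) reports two findings for the constructed tac-legacy entry (no secret, and pap) and none for tac-admins.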
