TACACS+ User
FortiGate Version 4.0 Administration Guide
578 01-400-89802-20090424
http://docs.fortinet.com/ • Feedback
Figure 381: Example LDAP server Distinguished Name Query tree
TACACS+
In recent years, remote network access has shifted from terminal access to LAN access.
Users connect to their corporate network (using notebooks or home PCs) with computers
that use complete network connections and have the same level of access to the
corporate network resources as if they were physically in the office. These connections
are made through a remote access server. As remote access technology has evolved, the
need for network access security has become increasingly important.
Terminal Access Controller Access-Control System (TACACS+) is a remote
authentication protocol that provides access control for routers, network access servers,
and other networked computing devices via one or more centralized servers. TACACS+
allows a client to accept a user name and password and send a query to a TACACS+
authentication server. The server host determines whether to accept or deny the request
and sends a response back that allows or denies network access to the user. The default
TCP port for a TACACS+ server is 49.
To view the list of TACACS+ servers, go to User > Remote > TACACS+.
Figure 382: Example TACACS+ server list
Configuring TACACS+ servers
There are several different authentication protocols that TACACS+ can use during the
authentication process:
Common Name Identifier (CN)
Expand Arrow
Distinguished Name (DN)
Create New Add a new TACACS+ server. The maximum number is 10.
Server The server domain name or IP address of the TACACS+ server.
Authentication Type The supported authentication method. TACACS+ authentication methods
include: Auto, ASCII, PAP, CHAP, and MSCHAP.
Delete icon Delete this TACACS+ server.
Edit icon Edit this TACACS+ server.
To Next Page
Loading...