Chapter 3 Authentication for FortiOS 5.0 : Authentication servers : TACACS+ servers : Configuring a TACACS+ server on the FortiGate unit
  
Configuring a TACACS+ server on the FortiGate unit
A maximum of 10 remote TACACS+ servers can be configured for authentication.
One or more servers must be configured on FortiGate before remote users can be configured. To configure remote users, see “Creating users”.
The TACACS+ page in the web-based manager is not available until a TACACS+ server has been configured in the CLI. For more information see the CLI Reference.
To configure the FortiGate unit for TACACS+ authentication - web-based manager
1. Go to User & Device > Authentication > TACACS+ Servers and select Create New.
2. Enter the following information, and select OK.
Name
Enter the name of the TACACS+ server.
Server Name/IP
Enter the server domain name or IP address of the TACACS+ server.
Server Key
Enter the key to access the TACACS+ server.
Authentication Type
Select the authentication type to use for the TACACS+ server. Auto tries PAP, MSCHAP, and CHAP (in that order).
To configure the FortiGate unit for TACACS+ authentication - CLI
config user tacacs+
edit tacacs1
set authen-type auto
set key abcdef
set port 49
set server 192.168.0.101
end