Configuring a TACACS+ server on the FortiGate unit
A maximum of 10 remote TACACS+ servers can be configured for authentication.
One or more servers must be configured on FortiGate before remote users can be configured. To configure remote users, see
“Creating users”.
The TACACS+ page in the web-based manager is not available until a TACACS+ server has been configured in the CLI. For more information see the CLI Reference.
To configure the FortiGate unit for TACACS+ authentication - web-based manager
1. Go to User & Device > Authentication > TACACS+ Servers and select Create New.
2. Enter the following information, and select OK.
Name | Enter the name of the TACACS+ server. |
Server Name/IP | Enter the server domain name or IP address of the TACACS+ server. |
Server Key | Enter the key to access the TACACS+ server. |
Authentication Type | Select the authentication type to use for the TACACS+ server. Auto tries PAP, MSCHAP, and CHAP (in that order). |
To configure the FortiGate unit for TACACS+ authentication - CLI
config user tacacs+
edit tacacs1
set authen-type auto
set key abcdef
set port 49
set server 192.168.0.101
end