Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
5
Helpful
2
Replies

appliance cannot log in using TACACS+ , but AAA test is successful

Go to solution
SabeelShakeel00430
Level 1
Level 1

‎10-26-2022 07:46 AM

Hi,

I have configured tacacs on my fortiproxy appliance and can successfully contact cisco ISE using the AAA test commands (with my credentials). Although, the server is contactable and the credentials have been recognized via ISE - When i log out of the appliance and try logging in with my tacacs credentials it fails to authenticate. Is there anything on ISE that needs to be configured to allow the GUI to log into the appliance ?

Best Regards,

Sabeel 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-26-2022 11:19 AM 

I have configured tacacs on my fortiproxy appliance and can successfully contact cisco ISE using the AAA test commands (with my credentials).

is this a local account of fotiproxy ?

 

Although, the server is contactable and the credentials have been recognized via ISE - When i log out of the appliance and try logging in with my tacacs credentials it fails to authenticate.

 Do you have user source from different or on ISE you created a users ?

have you added fortiproxy as NAD on ISE ?

what logs you see on ISE when you try to login ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-09-2022 03:30 PM - edited ‎11-09-2022 03:32 PM

You need to include actual errors and details from the ISE LiveLogs.

"The credentials have been recognized by ISE" and "it fails to authenticate" is not specific for any troubleshooting or offering advice for next steps.

You have not followed up on @balaji.bandi 's very legitimate questions so I will refer you to the TAC.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-26-2022 11:19 AM 

I have configured tacacs on my fortiproxy appliance and can successfully contact cisco ISE using the AAA test commands (with my credentials).

is this a local account of fotiproxy ?

 

Although, the server is contactable and the credentials have been recognized via ISE - When i log out of the appliance and try logging in with my tacacs credentials it fails to authenticate.

 Do you have user source from different or on ISE you created a users ?

have you added fortiproxy as NAD on ISE ?

what logs you see on ISE when you try to login ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-09-2022 03:30 PM - edited ‎11-09-2022 03:32 PM

You need to include actual errors and details from the ISE LiveLogs.

"The credentials have been recognized by ISE" and "it fails to authenticate" is not specific for any troubleshooting or offering advice for next steps.

You have not followed up on @balaji.bandi 's very legitimate questions so I will refer you to the TAC.

0 Helpful
Customers Also Viewed These Support Documents