Overview
You are experiencing difficulties logging into Exinda through TACACS+ but not LDAP. On other devices, you are able to login through TACACS+. Logs indicate authentication failure from the TACACS+ service due to insufficient membership privileges.
Solution
- Check if the attribute is correctly set for Exinda on the Active Directory server because user attributes are configured only on the AD server and not on the Exinda
- Setting attributes is done on the AD server where you can modify the local-user-name with appropriate privileges. The server will assign users to either a monitor group (read-only permissions) or an admin group (write permissions).
- Please refer to this article for setting privileges for users:- RADIUS / TACACS attributes for user privileges
- If you still face issues please generate the Diagnostics file from the Exinda and upload it to the GFI FTP server so that we can analyze it further:-
- Configuration > System Diagnostics > Diagnostics > click on Generate Diagnostics. Wait for the Diagnostics to be generated and refresh the page after few minutes for the new sysdumps and click on the Sysdumps to download
- Compress the file to a .zip file and upload it to the GFI FTP server. Once uploaded, please share the file name with the support agent.
Testing
Check to see if the user can login to the Exinda via TACACS+.