I am using external TACACS+ authentication with two defined groups (Group1
and Group2). Group1 contains a single locally defined user (User1) while
Group2 contains a single user *generic.

GROUP1 USER1
GROUP2 *generic

User1 is also defined in the external TACACS+ authentication database that
is accessed by default using the *generic user. Group2 rules correctly
authenticate the User1 name against the external database without issue
using the *generic user entry. Things are fine and authentication works
perfectly until...

I added User1 into Group2 in addition to the *generic mapping. Installed
rulebase. Removed User1. Installed rulebase. Now any rules defined with
Group2 will not work unless User1 is physically placed into Group2 or I
completely delete User1 from the local firewall user database. 

User1 is no longer processed by the *generic user entry and it appears to
remember that User1 was removed from Group2?

I tried restarting the firewall with no luck.




