Re: Tacacs configuration - Authentication OK but no access to vdom
Will if you have "set accprofile-override enable" that will override the locally set accessprofile. Are you sure that's not what happening?
Going by what you listed in the FGT.config,
1: your users are wildcard
2: accprofile are override if present in the tacacs authorization
3: the users have access to ONLY "elbc-mgmt vdom1 vdom2 vdom3"
Is that speculation correct as far as what you want?
If that's what you want, I would look at the tacacs-server profiles.
PCNSE, NSE , Forcepoint , StrongSwan Specialist