This article describes how to resolve an issue where TACACS+ authentication stops working after upgrading to FortiOS 7.4.4, due to a change in how FortiGate handles TACACS+.
Scope
FortiGate 7.4.4 and above.
Solution
After upgrading to 7.4.4 or above, if it is not possible to log in to FortiGate with a TACACS+ user, run the following command:
config system global
    set ldapconntimeout 2000 <-- Default is 500 ms.
end
The default value of ldapconntimeout, which is 0.5 seconds, seems too short.
In previous builds, the ldapconntimeout value applied only to the TCP connection and not to packet read/write, but it is now enforced on packet read/write as well.
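The effect of that change can be reproduced with a small model. This is an added example, not FortiOS code. The loopback server, its 800 ms reply delay, the 5-second fallback read limit and all function names are constructed assumptions. It shows why a server that accepts the TCP connection immediately but answers slowly passed under the earlier behaviour and fails once the same 500 ms limit also covers the read.

```python
import socket
import threading
import time

def slow_server(reply_delay_s):
    """Constructed stand-in for an AAA server: accepts at once, replies late."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral loopback port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(64)               # read the request
            time.sleep(reply_delay_s)   # simulated backend lookup latency
            try:
                conn.sendall(b"REPLY")
            except OSError:
                pass                    # client already gave up
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def authenticate(addr, timeout_ms, enforce_on_read):
    """Return True if a reply arrives within the modelled timeout rules."""
    limit = timeout_ms / 1000.0
    try:
        with socket.create_connection(addr, timeout=limit) as s:
            # Earlier builds: the limit covered the TCP connect only.
            # 7.4.4 and above: the same limit also covers packet read/write.
            s.settimeout(limit if enforce_on_read else 5.0)  # 5 s is an assumption
            s.sendall(b"REQUEST")
            return s.recv(64) == b"REPLY"
    except OSError:                     # includes socket timeouts
        return False

def run_case(timeout_ms, enforce_on_read, reply_delay_s=0.8):
    return authenticate(slow_server(reply_delay_s), timeout_ms, enforce_on_read)

if __name__ == "__main__":
    print("earlier-build model, 500 ms:", run_case(500, False))
    print("7.4.4 model, 500 ms        :", run_case(500, True))
    print("7.4.4 model, 2000 ms       :", run_case(2000, True))
```

When sizing ldapconntimeout, compare it against the server's reply latency as seen from the FortiGate, not only against the time it takes to open the TCP connection.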