We currently have a Windows-based TACACS server and are trying to authenticate against the Windows user database. The RADIUS authentication sometimes times out and sometimes lets you through.
When authentication fails, we see that it's trying to communicate with other domain controllers in our AD domain, but not the one within its AD site. Is there a way to isolate where TACACS is looking for the AD domain controller, or can we set an option on the server to restrict it to look at the DC only within its AD site?
TACACS appears to be using the AD _ldap services records to look up the DC.
Any help is appreciated.
Thanks in advance.