<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Batang;
        panose-1:2 3 6 0 0 1 1 1 1 1;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"\@Batang";
        panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:blue;
        text-decoration:underline;}
p
        {mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.E-MailFormatvorlage21
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=DE link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thanks.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>It works,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Alexander<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>Von:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
nschrenk@gmail.com [mailto:nschrenk@gmail.com] <b><span style='font-weight:
bold'>Im Auftrag von </span></b>Nathan Schrenk<br>
<b><span style='font-weight:bold'>Gesendet:</span></b> Dienstag, 3. Februar
2009 17:20<br>
<b><span style='font-weight:bold'>An:</span></b> Alexander Czutka<br>
<b><span style='font-weight:bold'>Cc:</span></b> tac_plus@shrubbery.net<br>
<b><span style='font-weight:bold'>Betreff:</span></b> Re: [tac_plus] How can I
deny/permit ?</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>I don't know why that's
not working. I would try to increase the debug logging and then try to
authorize the commands again and see if there are any log messages that help
explain why authorization is being denied. Passing the command-line argument
"-d 4088" should enable lots of debugging log messages.<br>
<br>
Nathan<o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><span class=gmailquote><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>On 2/2/09, <b><span style='font-weight:bold'>Alexander
Czutka</span></b> <<a href="mailto:aczutka@brocade.com">aczutka@brocade.com</a>>
wrote:</span></font></span><o:p></o:p></p>
<div link=blue vlink=blue>
<div>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>Hello Nathan,</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>Sorry for the delay.</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>I have tried this:</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=FR style='font-size:10.0pt;
font-family:Arial;color:navy'># tacacs configuration file</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=FR style='font-size:10.0pt;
font-family:Arial;color:navy'># Pierre-Yves Maunier - 20060713</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'># /etc/tac_plus.conf</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'># set the key</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>key = foundry</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>accounting file = /var/log/tac_plus.acct</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'># Group definition</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>group = group2 {</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
default service = deny</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> cmd =
show {</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
permit "ip <cr>"</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
deny .*</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
} </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'># users accounts</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>user = test {</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
default service = permit</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> login
= cleartext "test"</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> enable
= cleartext "test"</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> name =
"test"</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>}</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>user = user2 {</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
member = group2</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
login = cleartext "user2"</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
enable = cleartext "user2"</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
}</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'># END</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>Now Iīm not able to execute any command:</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>telnet@BigIron Router#</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>telnet@BigIron Router#show ip</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>Not authorized to execute this command.</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=FR style='font-size:10.0pt;
font-family:Arial;color:navy'>telnet@BigIron Router#</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=FR style='font-size:10.0pt;
font-family:Arial;color:navy'>telnet@BigIron Router#</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>telnet@BigIron Router#show ip route</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>Not authorized to execute this command.</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=FR style='font-size:10.0pt;
font-family:Arial;color:navy'>telnet@BigIron Router#</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=FR style='font-size:10.0pt;
font-family:Arial;color:navy'>telnet@BigIron Router#</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>telnet@BigIron Router#</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>Regards,</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>Alexander</span></font><o:p></o:p></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center>
</span></font></div>
<p><b><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma;
font-weight:bold'>Von:</span></font></b><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'> <a href="mailto:nschrenk@gmail.com"
target="_blank">nschrenk@gmail.com</a> [mailto:<a
href="mailto:nschrenk@gmail.com" target="_blank">nschrenk@gmail.com</a>] <b><span
style='font-weight:bold'>Im Auftrag von </span></b>Nathan Schrenk<br>
<b><span style='font-weight:bold'>Gesendet:</span></b> Freitag, 30. Januar 2009
22:57<o:p></o:p></span></font></p>
<div><span id="q_11f3b05644ed30d6_5">
<p class=MsoNormal><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma'><br>
<span class=e><b><span style='font-weight:bold'>An:</span></b> Alexander Czutka</span><br>
<span class=e><b><span style='font-weight:bold'>Cc:</span></b> <a
href="mailto:tac_plus@shrubbery.net" target="_blank">tac_plus@shrubbery.net</a></span><br>
<span class=e><b><span style='font-weight:bold'>Betreff:</span></b> Re:
[tac_plus] How can I deny/permit ?</span></span><o:p></o:p></span></font></p>
</div>
</div>
<div><span id="q_11f3b05644ed30d6_7">
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'> <o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>On
1/30/09, <b><span style='font-weight:bold'>Alexander Czutka</span></b> <<a
href="mailto:aczutka@brocade.com" target="_blank">aczutka@brocade.com</a>>
wrote:<o:p></o:p></span></font></p>
<div>
<blockquote style='border:none;border-left:solid windowtext 1.0pt;padding:0cm 0cm 0cm 6.0pt;
margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt;
border-color:-moz-use-text-color -moz-use-text-color -moz-use-text-color rgb(204, 204, 204)'>
<div link=blue vlink=blue>
<div>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>Hello Nathan,</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>it doesnīt work.</span></font><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'><br>
What doesn't work? tac_plus doesn't print the same error message while
parsing the config file as it does without the quotes, does it?<br>
<br>
I normally use a group and deny everything that is not explicitly allowed (a
command blacklist):<br>
<br>
group = mygroup {<br>
default service = deny<br>
cmd = show {<br>
permit "ip <cr>"<br>
deny .*<br>
}<br>
}<br>
user = myuser {<br>
member = mygroup<br>
login = cleartext "mypassword"<br>
}<br>
<br>
Nathan<o:p></o:p></span></font></p>
</div>
<blockquote style='border:none;border-left:solid windowtext 1.0pt;padding:0cm 0cm 0cm 6.0pt;
margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt;
border-color:-moz-use-text-color -moz-use-text-color -moz-use-text-color rgb(204, 204, 204)'>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'> <o:p></o:p></span></font></p>
<div link=blue vlink=blue>
<div>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>user = user2 {</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>#
member = group2</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>#
debug = REGEX</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
login = cleartext "user2"</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
enable = cleartext "user2"</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
cmd = show {</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
permit ip</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
deny "ip ospf"</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span lang=EN-GB style='font-size:10.0pt;
font-family:Arial;color:navy'>
</span></font><font size=2 color=navy face=Arial><span style='font-size:10.0pt;
font-family:Arial;color:navy'>}</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'># END</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>Regards,</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>Alexander</span></font><o:p></o:p></p>
<p><font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font><o:p></o:p></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center>
</span></font></div>
<p><b><font size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma;
font-weight:bold'>Von:</span></font></b><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'> <a href="mailto:nschrenk@gmail.com"
target="_blank">nschrenk@gmail.com</a> [mailto:<a
href="mailto:nschrenk@gmail.com" target="_blank">nschrenk@gmail.com</a>] <b><span
style='font-weight:bold'>Im Auftrag von </span></b>Nathan Schrenk<br>
<b><span style='font-weight:bold'>Gesendet:</span></b> Freitag, 30. Januar 2009
21:14<br>
<b><span style='font-weight:bold'>An:</span></b> Alexander Czutka<br>
<b><span style='font-weight:bold'>Cc:</span></b> <a
href="mailto:tac_plus@shrubbery.net" target="_blank">tac_plus@shrubbery.net</a><br>
<b><span style='font-weight:bold'>Betreff:</span></b> Re: [tac_plus] How can I
deny/permit ?</span></font><o:p></o:p></p>
</div>
<div>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'> <o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>On
1/30/09, <b><span style='font-weight:bold'>Alexander Czutka</span></b> <<a
href="mailto:aczutka@brocade.com" target="_blank">aczutka@brocade.com</a>>
wrote:<o:p></o:p></span></font></p>
<div>
<blockquote style='border:none;border-left:solid windowtext 1.0pt;padding:0cm 0cm 0cm 6.0pt;
margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt;
border-color:-moz-use-text-color -moz-use-text-color -moz-use-text-color rgb(204, 204, 204)'>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Hello,<br>
<br>
Iīm trying to setup an authorization for a user.<br>
<br>
The user should be allowed to do a:<br>
<br>
- Show ip<br>
- show ip route<br>
<br>
But he shouldnīt execute the commands, which starts with:<br>
<br>
- Show ip ospf<br>
- Show ip pim<br>
<br>
I tried this, but it didnīt work:<br>
<br>
cmd = show {<br>
permit
ip<br>
deny ip
ospf<br>
}<br>
<br>
root@ubuntu-fdry:/# tac_plus -C /etc/tac_plus.conf<br>
Error: expecting '}' but found 'ospf' on line 40<br>
root@ubuntu-fdry:/#<br>
<br>
Is this possible ?<o:p></o:p></span></font></p>
</blockquote>
<div>
<p style='margin-bottom:12.0pt'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><br>
Try putting quotes around the tokens:<br>
<br>
cmd = show {<br>
permit
ip<br>
deny
"ip ospf" <br>
}<o:p></o:p></span></font></p>
</div>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Nathan<o:p></o:p></span></font></p>
</div>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
</div>
</div>
</blockquote>
</div>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'> <o:p></o:p></span></font></p>
</div>
</div>
</div>
</div>
</span>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>