[tac_plus] Default service and authorization script don't work at the same time
tempp at nm.ru
Fri Jan 23 06:52:04 UTC 2009
Hi!
I have Tacacs+ on a Debian server.
The version of tac-plus is F4.0.4.alpha.
There are the following lines in the config file:
user = test2 {
    member = admins
    login = nopassword
}
group = admins {
    before authorization "/etc/tac-plus/script $user $name $address"
    default service = permit
    cmd = ip {
        deny domain-lookup
        permit .*
    }
    service = exec {
        priv-lvl = 15
        idletime = 30
    }
}
When I try to start the tacacs server I get:
# /etc/init.d/tac-plus restart
Restarting Tacacs+ server: Error: Unrecognised keyword default for
user on line 49
tac_plus.
Line 49 is 'default service = permit'.
Why is it wrong?
But if I change the order of the lines to the following:
...
group = admins {
    default service = permit
    before authorization "/etc/tac-plus/script $user $name $address"
...
the Tacacs server starts correctly.
But when I log in to the Cisco and type any command I get: Command authorization failed.
But default service = permit is in the config!!
Why does this happen and how can I fix it?
Thank you for your attention.
Bye.