[tac_plus] host acl always denies
Ignas Kazlauskas
ignas.kazlauskas at ittc.vu.lt
Thu Jan 12 08:17:23 UTC 2012
Hello,
I have a simple tac_plus config with a host acl. The problem is I always
get denied, even with ".*". Tried versions tacacs+-F4.0.4.20 and
tacacs+-F5.0.0a1. What's wrong (Linux CentOS6, Debian6)?
tac_plus.conf
=============
accounting file = /var/log/tacacs/acc.log
key = testing123
acl = alist {
permit = .*
permit = ^192.*
permit = 192.168.111\.12$
permit = 192.168.111.12
permit = 192\.168\.111.*
permit = ^192\.168\.111\.12$
}
user = fred {
login = cleartext fred
enable = cleartext enab15
# I can connect when the following line is commented
acl = alist
service = exec { }
}
IOS
===
!
ip tacacs source-interface FastEthernet1/0
!
interface FastEthernet1/0
ip address 192.168.111.12 255.255.255.0
speed auto
duplex auto
!
tac.log
=======
Wed Jan 11 10:36:55 2012 [19954]: Reading config
Wed Jan 11 10:36:55 2012 [19954]: Version F5.0.0a1 Initialized 1
Wed Jan 11 10:36:55 2012 [19954]: tac_plus server F5.0.0a1 starting
Wed Jan 11 10:36:55 2012 [19954]: uid=0 euid=0 gid=0 egid=0 s=4
Wed Jan 11 10:36:59 2012 [19954]: session.peerip is 192.168.111.12
Wed Jan 11 10:36:59 2012 [19955]: connect from 192.168.111.12 [192.168.111.12]
Wed Jan 11 10:37:03 2012 [19955]: verify daemon fred == NAS fred
Wed Jan 11 10:37:03 2012 [19955]: Password is correct
Wed Jan 11 10:37:03 2012 [19955]: Password has not expired <no expiry date set>
Wed Jan 11 10:37:03 2012 [19955]: cfg_acl_check(alist, 192.168.111.12)
Wed Jan 11 10:37:03 2012 [19955]: ip 192.168.111.12 did not match in acl filter alist
Wed Jan 11 10:37:03 2012 [19955]: host ACLs for user 'fred' deny
Wed Jan 11 10:37:03 2012 [19955]: login query for 'fred' tty2 from 192.168.111.12 rejected
Wed Jan 11 10:37:03 2012 [19955]: login failure: fred 192.168.111.12 (192.168.111.12) tty2
--
Ignas K.
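An added example, not part of the post above or of the tac_plus project: a small Python checker that parses the acl blocks out of a tac_plus.conf, emulates what I take to be tac_plus's host-ACL evaluation (entries tried in order, the first regex that matches the peer IP decides, no match means deny; that reading is an assumption here, as is using Python's re module in place of the POSIX extended regex the daemon compiles), and cross-checks the result against "did not match in acl filter" lines from tac.log. The conf and log text below are constructed from the post, with the wrapped log line rejoined; the second acl "blist" is hypothetical and only there to exercise a deny entry.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample (not read from any real install): the acl and user blocks
# from the post, plus a hypothetical acl "blist" with a deny entry.
SAMPLE_CONF = r"""
accounting file = /var/log/tacacs/acc.log
key = testing123
acl = alist {
    permit = .*
    permit = ^192.*
    permit = 192.168.111\.12$
    permit = 192.168.111.12
    permit = 192\.168\.111.*
    permit = ^192\.168\.111\.12$
}
acl = blist {
    deny = ^192\.168\.111\.
    permit = .*
}
user = fred {
    login = cleartext fred
    acl = alist
    service = exec { }
}
"""

# Constructed tac.log excerpt in the format shown in the post, one event per line.
SAMPLE_LOG = """\
Wed Jan 11 10:37:03 2012 [19955]: cfg_acl_check(alist, 192.168.111.12)
Wed Jan 11 10:37:03 2012 [19955]: ip 192.168.111.12 did not match in acl filter alist
Wed Jan 11 10:37:03 2012 [19955]: host ACLs for user 'fred' deny
"""

Entry = Tuple[str, str]  # (action, regex source) as written in the conf

# "acl = NAME { ... }" blocks; a bare "acl = NAME" inside a user block has no
# brace after the name and so is not matched.
_BLOCK_RE = re.compile(r'^\s*acl\s*=\s*(\S+)\s*\{(.*?)\}', re.S | re.M)
_ENTRY_RE = re.compile(r'^(permit|deny)\s*=\s*(.+?)\s*$')
_DENIAL_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}) \[(?P<pid>\d+)\]: '
    r'ip (?P<ip>\S+) did not match in acl filter (?P<acl>\S+)$', re.M)


def parse_acls(conf: str) -> Dict[str, List[Entry]]:
    """Return acl name -> ordered list of (action, pattern) entries."""
    acls: Dict[str, List[Entry]] = {}
    for name, body in _BLOCK_RE.findall(conf):
        entries: List[Entry] = []
        for raw in body.splitlines():
            line = raw.split('#', 1)[0].strip()   # drop comments and blanks
            if not line:
                continue
            m = _ENTRY_RE.match(line)
            if not m:
                raise ValueError(f"acl {name}: unparsable entry {line!r}")
            entries.append((m.group(1), m.group(2)))
        acls[name] = entries
    return acls


def acl_check(entries: List[Entry], peer_ip: str) -> Tuple[str, int]:
    """First-match emulation (assumed daemon semantics): returns
    (decision, index of the entry that decided), or ('deny', -1) when no
    entry matched. Patterns are unanchored unless they carry ^ or $."""
    for i, (action, pattern) in enumerate(entries):
        try:
            if re.search(pattern, peer_ip):
                return action, i
        except re.error as exc:
            raise ValueError(f"entry {i} pattern {pattern!r}: {exc}") from exc
    return 'deny', -1


def acl_denials(log_text: str) -> List[Tuple[str, str, str, str]]:
    """Extract (timestamp, pid, peer ip, acl name) from 'did not match' lines."""
    return [(m['ts'], m['pid'], m['ip'], m['acl'])
            for m in _DENIAL_RE.finditer(log_text)]


def explain_denials(conf: str, log_text: str) -> List[Tuple[str, str, str]]:
    """For each logged denial, say whether the conf's regexes, evaluated
    first-match, agree with the daemon or would actually have permitted."""
    acls = parse_acls(conf)
    report = []
    for _ts, _pid, ip, acl in acl_denials(log_text):
        entries = acls.get(acl)
        if entries is None:
            report.append((acl, ip, 'acl-not-defined'))
            continue
        decision, idx = acl_check(entries, ip)
        verdict = 'regexes-agree' if decision == 'deny' else f'regexes-permit-at-{idx}'
        report.append((acl, ip, verdict))
    return report


if __name__ == "__main__":
    for acl, ip, verdict in explain_denials(SAMPLE_CONF, SAMPLE_LOG):
        print(f"acl={acl} ip={ip}: {verdict}")
```

Run against the post's own acl, the checker reports that the very first entry (`.*`) permits 192.168.111.12, so under first-match semantics the regexes themselves cannot produce the logged deny; that narrows the question to how the daemon is loading or evaluating the acl block rather than to the patterns. The POSIX-versus-Python regex gap matters only for constructs Python rejects (the checker raises on those) or interprets differently, so treat a "regexes-permit" verdict as a pointer, not proof.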