[tac_plus] host acl always denies
Ignas Kazlauskas
ignas.kazlauskas at ittc.vu.lt
Fri Jan 13 09:52:30 UTC 2012
On 2012.01.12 18:47, heasley wrote:
> Thu, Jan 12, 2012 at 10:17:23AM +0200, Ignas Kazlauskas:
>> Hello,
>> I have a simple tac_plus config with a host acl. The problem is I always
>> get denied, even with ".*". Tried versions tacacs+-F4.0.4.20 and
>> tacacs+-F5.0.0a1. What's wrong (Linux CentOS6, Debian6)?
>>
>> tac_plus.conf
>> =============
>>
>> accounting file = /var/log/tacacs/acc.log
>> key = testing123
>>
>> acl = alist {
>> permit = .*
>> permit = ^192.*
>> permit = 192.168.111\.12$
>> permit = 192.168.111.12
>> permit = 192\.168\.111.*
>> permit = ^192\.168\.111\.12$
>> }
>
> perhaps trailing whitespace or non-printable characters?
I have deleted all unnecessary whitespaces and checked for non-printable
characters with ":set list" in vim - no changes.
I also tried version F4.0.4.19 and it works as expected. I see that one
of the changes in F4.0.4.20 was "- Drop the private regex library in
favor of libc's. A system w/o a regex is one I dont care about." Maybe
I should install some additional packages? It really seems like a regex
problem.
--
Ignas K.
More information about the tac_plus
mailing list