[tac_plus] host acl always denies
heasley
heas at shrubbery.net
Fri Jan 20 23:44:36 UTC 2012
Fri, Jan 13, 2012 at 11:52:30AM +0200, Ignas Kazlauskas:
>
>
> On 2012.01.12 18:47, heasley wrote:
> > Thu, Jan 12, 2012 at 10:17:23AM +0200, Ignas Kazlauskas:
> >> Hello,
> >> I have a simple tac_plus config with a host acl. The problem is I always
> >> get denied, even with ".*". Tried versions tacacs+-F4.0.4.20 and
> >> tacacs+-F5.0.0a1. What's wrong (Linux CentOS6, Debian6)?
> >>
> >> tac_plus.conf
> >> =============
> >>
> >> accounting file = /var/log/tacacs/acc.log
> >> key = testing123
> >>
> >> acl = alist {
> >> permit = .*
> >> permit = ^192.*
> >> permit = 192.168.111\.12$
> >> permit = 192.168.111.12
> >> permit = 192\.168\.111.*
> >> permit = ^192\.168\.111\.12$
> >> }
> >
> > perhaps trailing whitespace or non-printable characters?
>
> I have deleted all unnecessary whitespace and checked for non-printable
> characters with ":set list" in vim - no changes.
Have you verified that the client (router/device) is connecting with the
IP address that you're trying to match in the acl?
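
An added example, not part of the original thread and not tac_plus code: a Python check that runs the permit patterns from the posted acl against the address they target and against constructed neighbouring addresses, and flags invisible characters in a pattern. It assumes Python's `re.search` as a stand-in for the daemon's own regex matching; the function names, the neighbour addresses and the extra tab-terminated line are hypothetical.

```python
import re

# Constructed sample: the acl body as posted, plus one constructed line with a
# trailing tab to exercise the hidden-character check.
SAMPLE_ACL = "\n".join([
    r"acl = alist {",
    r"permit = .*",
    r"permit = ^192.*",
    r"permit = 192.168.111\.12$",
    r"permit = 192.168.111.12",
    r"permit = 192\.168\.111.*",
    r"permit = ^192\.168\.111\.12$",
    "permit = ^192\\.168\\.111\\.12$\t",   # constructed, not in the post
    r"}",
])

CLIENT = "192.168.111.12"   # address the acl in the post targets
NEIGHBOURS = ["192.168.111.120", "192.168.112.12", "10.0.0.1"]  # constructed

def permit_patterns(conf_text):
    """Return (line_number, raw_pattern) for every 'permit = <regex>' line."""
    out = []
    for n, line in enumerate(conf_text.split("\n"), 1):
        m = re.match(r"[ \t]*permit[ \t]*=[ \t]*(.*)$", line)
        if m:
            out.append((n, m.group(1)))   # trailing bytes are kept on purpose
    return out

def hidden_chars(pattern):
    """Offsets of characters an editor may not show: whitespace, control, non-ASCII."""
    return [i for i, c in enumerate(pattern) if not 0x21 <= ord(c) <= 0x7E]

def audit(conf_text, client, neighbours):
    """Per permit line: match against the client, other hosts admitted, hidden chars."""
    report = []
    for n, pat in permit_patterns(conf_text):
        rx = re.compile(pat)   # assumption: unanchored search semantics
        report.append({
            "line": n,
            "pattern": pat,
            "matches_client": bool(rx.search(client)),
            "also_matches": [h for h in neighbours if rx.search(h)],
            "hidden": hidden_chars(pat),
        })
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_ACL, CLIENT, NEIGHBOURS):
        print(row)
```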