[tac_plus] tac_plus issues

Alan McKinnon alan.mckinnon at gmail.com
Thu Sep 12 09:09:36 UTC 2013 

On 11/09/2013 19:43, Bo Byrd wrote:
> Hello,
> 
> I have authorization set up but it only seems to work if there are no
> arguments to a command.  so my user can 'exit' and can 'show' but cannot
> 'show run' even though I used the 'permit .*' under the cmd = show section
> 
> Here is my log, can you tell what is wrong?  Thanks for this nifty software!

Please post your complete tac_plus.conf (redact passwords and sensitive
info as necessary)



> 
> 
> Reading config
> Version F4.0.4.19 Initialized 1
> tac_plus server F4.0.4.19 starting
> uid=559 euid=559 gid=559 egid=559 s=4
> connect from 192.168.0.85 [192.168.0.85]
> login query for 'ro' tty10 from 192.168.0.85 accepted
> connect from 192.168.0.85 [192.168.0.85]
> connect from 192.168.0.85 [192.168.0.85]
> Start authorization request
> do_author: user='ro'
> user 'ro' found
> authorize_cmd: user=ro, cmd=show
> line 7 compare show permit '.*' & '<cr>' match
> show <cr> permitted by line 7
> authorization query for 'ro' tty10 from 192.168.0.85 accepted
> connect from 192.168.0.85 [192.168.0.85]
> connect from 192.168.0.85 [192.168.0.85]
> Start authorization request
> do_author: user='ro'
> user 'ro' found
> authorize_cmd: user=ro, cmd=show running-config
> cmd show running-config does not exist, denied by default
> authorization query for 'ro' tty10 from 192.168.0.85 rejected
> connect from 192.168.0.85 [192.168.0.85]
> connect from 192.168.0.85 [192.168.0.85]
> Start authorization request
> do_author: user='ro'
> user 'ro' found
> authorize_cmd: user=ro, cmd=exit
> line 11 compare exit permit '.*' & '<cr>' match
> exit <cr> permitted by line 11
> authorization query for 'ro' tty10 from 192.168.0.85 accepted
> connect from 192.168.0.85 [192.168.0.85]
> connect from 192.168.0.85 [192.168.0.85]
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20130911/7d551681/attachment.html>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus
> 


-- 
Alan McKinnon
alan.mckinnon at gmail.com

More information about the tac_plus mailing list