[tac_plus] Default service and authorization script don't work at the same time
Kurenyshev Vjacheslav
v.kurenyshev at oao.kuzbass.net
Thu Jan 22 05:33:50 UTC 2009
Hi!
I have Tacacs+ on a Debian server.
The version of tac-plus is F4.0.4.alpha.
There are the following lines in the config file:
user = test2 {
    member = admins
    login = nopassword
}
group = admins {
    before authorization "/etc/tac-plus/script $user $name $address"
    default service = permit
    cmd = ip {
        deny domain-lookup
        permit .*
    }
    service = exec {
        priv-lvl = 15
        idletime = 30
    }
}
When I try to start the tacacs server I get:
# /etc/init.d/tac-plus restart
Restarting Tacacs+ server: Error: Unrecognised keyword default for user on line 49
tac_plus.
Line 49 is 'default service = permit'.
Why is it wrong?
But if I change the order of the lines to the following:
...
group = admins {
    default service = permit
    before authorization "/etc/tac-plus/script $user $name $address"
...
the Tacacs server starts correctly.
But when I log in to the Cisco and type any command I get: Command authorization failed.
But default service = permit is in the config!!
Why does this happen and how can I fix it?
Thank you for your attention.
Bye.