https://community.cisco.com/t5/network-access-control/radius-and-usergroups-authorization-script/m-p/396903#M432530 <P>I am running Cisco Access Registrar and I need to run a tcl script as a UserGroups' AuthorizationScript, but it never seems to be triggered. The idea is to have a script which will check a user's group against the number that they dialled and accept or reject them if they match.</P><P>To test this, I set up a 'testing' group as follows:</P><P>//localhost/Radius/UserGroups/testing</P><P></P><P>With these settings:</P><P> Name = testing</P><P> Description = "Testing group profile"</P><P> BaseProfile~ = testing</P><P> AuthenticationScript~ = </P><P> AuthorizationScript~ = testing</P><P> Attributes/</P><P> CheckItems/</P><P></P><P>The testing script itself is set up as follows:</P><P>[ //localhost/Radius/Scripts/testing ]</P><P> Name = testing</P><P> Description = "The testing script"</P><P> Language = tcl</P><P> Filename = testing.tcl</P><P> EntryPoint = testing</P><P> InitEntryPoint = </P><P> InitEntryPointArgs = </P><P></P><P>The script itself I've kept really simple just to see if it will work:</P><P>proc testing {request response environ} {</P><P> $environ put Response-Type "Access-Reject"</P><P>}</P><P></P><P>What happens is that the dialup process never hits that script. The user gets an Access-Accept without ever the script having run. It never shows up in the Radius trace logs. The user that dials in gets correctly identified as part of the UserGroup "testing" and is immediately set up with a session.</P><P></P><P>Is there anything that could be overriding the AuthorizationScript step? What else do I need to get Radius to trigger the script?</P><P></P><P>Thanks,</P><P></P><P>Marko</P> Sun, 10 Mar 2019 21:02:49 GMT marko.djukic 2019-03-10T21:02:49Z https://community.cisco.com/t5/network-access-control/radius-and-usergroups-authorization-script/m-p/396903#M432530 <P>I am running Cisco Access Registrar and I need to run a tcl script as a UserGroups' AuthorizationScript, but it never seems to be triggered. The idea is to have a script which will check a user's group against the number that they dialled and accept or reject them if they match.</P><P>To test this, I set up a 'testing' group as follows:</P><P>//localhost/Radius/UserGroups/testing</P><P></P><P>With these settings:</P><P> Name = testing</P><P> Description = "Testing group profile"</P><P> BaseProfile~ = testing</P><P> AuthenticationScript~ = </P><P> AuthorizationScript~ = testing</P><P> Attributes/</P><P> CheckItems/</P><P></P><P>The testing script itself is set up as follows:</P><P>[ //localhost/Radius/Scripts/testing ]</P><P> Name = testing</P><P> Description = "The testing script"</P><P> Language = tcl</P><P> Filename = testing.tcl</P><P> EntryPoint = testing</P><P> InitEntryPoint = </P><P> InitEntryPointArgs = </P><P></P><P>The script itself I've kept really simple just to see if it will work:</P><P>proc testing {request response environ} {</P><P> $environ put Response-Type "Access-Reject"</P><P>}</P><P></P><P>What happens is that the dialup process never hits that script. The user gets an Access-Accept without ever the script having run. It never shows up in the Radius trace logs. The user that dials in gets correctly identified as part of the UserGroup "testing" and is immediately set up with a session.</P><P></P><P>Is there anything that could be overriding the AuthorizationScript step? What else do I need to get Radius to trigger the script?</P><P></P><P>Thanks,</P><P></P><P>Marko</P> Sun, 10 Mar 2019 21:02:49 GMT https://community.cisco.com/t5/network-access-control/radius-and-usergroups-authorization-script/m-p/396903#M432530 marko.djukic 2019-03-10T21:02:49Z https://community.cisco.com/t5/network-access-control/radius-and-usergroups-authorization-script/m-p/396904#M432532 <HTML><HEAD></HEAD><BODY><P>More information on the Cisco Access Registrar scripts is given in the document.</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/3_5/concepts/scripts.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cnsar/3_5/concepts/scripts.htm</A></P></BODY></HTML> Tue, 15 Mar 2005 17:12:20 GMT https://community.cisco.com/t5/network-access-control/radius-and-usergroups-authorization-script/m-p/396904#M432532 owillins 2005-03-15T17:12:20Z