I am running Cisco Access Registrar and I need to run a tcl script as a UserGroups' AuthorizationScript, but it never seems to be triggered. The idea is to have a script which will check a user's group against the number that they dialled and accept or reject them if they match.
To test this, I set up a 'testing' group as follows:
//localhost/Radius/UserGroups/testing
With these settings:
Name = testing
Description = "Testing group profile"
BaseProfile~ = testing
AuthenticationScript~ =
AuthorizationScript~ = testing
Attributes/
CheckItems/
The testing script itself is set up as follows:
[ //localhost/Radius/Scripts/testing ]
Name = testing
Description = "The testing script"
Language = tcl
Filename = testing.tcl
EntryPoint = testing
InitEntryPoint =
InitEntryPointArgs =
The script itself I've kept really simple just to see if it will work:
proc testing {request response environ} {
$environ put Response-Type "Access-Reject"
}
What happens is that the dialup process never hits that script. The user gets an Access-Accept without ever the script having run. It never shows up in the Radius trace logs. The user that dials in gets correctly identified as part of the UserGroup "testing" and is immediately set up with a session.
Is there anything that could be overriding the AuthorizationScript step? What else do I need to get Radius to trigger the script?
Thanks,
Marko