I am running Cisco Access Registrar and I need to run a tcl script as a UserGroups' AuthorizationScript, but it never seems to be triggered. The idea is to have a script which will check a user's group against the number that they dialled and accept or reject them if they match.

To test this, I set up a 'testing' group as follows:

//localhost/Radius/UserGroups/testing

With these settings:

Name = testing

Description = "Testing group profile"

BaseProfile~ = testing

AuthenticationScript~ =

AuthorizationScript~ = testing

Attributes/

CheckItems/

The testing script itself is set up as follows:

[ //localhost/Radius/Scripts/testing ]

Name = testing

Description = "The testing script"

Language = tcl

Filename = testing.tcl

EntryPoint = testing

InitEntryPoint =

InitEntryPointArgs =

The script itself I've kept really simple just to see if it will work:

proc testing {request response environ} {

$environ put Response-Type "Access-Reject"

}

What happens is that the dialup process never hits that script. The user gets an Access-Accept without ever the script having run. It never shows up in the Radius trace logs. The user that dials in gets correctly identified as part of the UserGroup "testing" and is immediately set up with a session.

Is there anything that could be overriding the AuthorizationScript step? What else do I need to get Radius to trigger the script?

Thanks,

Marko