Вот такая проблема, значит стоит subj и если в такаксе прописано

login = dez XXXXXXXXXXXXX

и при этом используется скрипт в дайлапе клиента, получается такая фигня:

Sun Jan  4 10:50:52 2004 [94371]: login query for 'icb1' Async34 from 10.20.30.125 accepted
Jan  4 10:50:52 mil tac_plus[94371]: login query for 'icb1' Async34 from 10.20.30.125 accepted
Sun Jan  4 10:50:52 2004 [94374]: Start authorization request
Sun Jan  4 10:50:52 2004 [94374]: user 'icb1' found
Sun Jan  4 10:50:52 2004 [94374]: icb1 may run an unlimited number of sessions
Sun Jan  4 10:50:52 2004 [94374]: exec authorization request for icb1
Sun Jan  4 10:50:52 2004 [94374]: exec is explicitly permitted by line 213
Sun Jan  4 10:50:52 2004 [94374]: nas:service=shell (passed thru)
Sun Jan  4 10:50:52 2004 [94374]: nas:cmd* (passed thru)
Sun Jan  4 10:50:52 2004 [94374]: nas:absent, server:idletime=1 -> add idletime=1 (k)
Sun Jan  4 10:50:52 2004 [94374]: nas:absent, server:timeout=10 -> add timeout=10 (k)
Sun Jan  4 10:50:52 2004 [94374]: nas:absent, server:autocmd=ppp negotiate -> add autocmd=ppp negoti
ate (k)
Sun Jan  4 10:50:52 2004 [94374]: added 3 args
Sun Jan  4 10:50:52 2004 [94374]: out_args[0] = service=shell input copy discarded
Sun Jan  4 10:50:52 2004 [94374]: out_args[1] = cmd* input copy discarded
Sun Jan  4 10:50:52 2004 [94374]: out_args[2] = idletime=1 compacted to out_args[0]
Sun Jan  4 10:50:52 2004 [94374]: out_args[3] = timeout=10 compacted to out_args[1]
Sun Jan  4 10:50:52 2004 [94374]: out_args[4] = autocmd=ppp negotiate compacted to out_args[2]
Sun Jan  4 10:50:52 2004 [94374]: 3 output args
Sun Jan  4 10:50:52 2004 [94374]: authorization query for 'icb1' Async34 from 10.20.30.125 acce
pted
Jan  4 10:50:52 mil tac_plus[94374]: authorization query for 'icb1' Async34 from 10.20.30.125
accepted
Sun Jan  4 10:50:52 2004 [94375]: Start authorization request
Sun Jan  4 10:50:52 2004 [94375]: user '' or 'DEFAULT' not found, denied by default
Sun Jan  4 10:50:52 2004 [94375]: authorization query for 'unknown' Async34 from 10.20.30.125 reject
ed
Jan  4 10:50:52 mil tac_plus[94375]: authorization query for 'unknown' Async34 from 10.20.30.125 re
jected
Sun Jan  4 10:52:34 2004 [94731]: 10.20.30.10 tty37: Login aborted by request -- msg: Carrier dropped
Pped

А вот если я использую в винде авторизацию по ПАП, задаю пароль не скриптом и в такаксе делаю
#login = dez XXXXXXXXXXXXX
global = cleartext ‘XXXXXXXXXXXX’

то всё окей.

Если кому ещё что надо для решения этой проблемы говорите, покажу.

• Cisco2621XM (c2600-i-mz.122-8.T5.bin)+ tacacs + dial-up scri..., YuryD, 14:34 , 13-Янв-04, (1)  
• Cisco2621XM (c2600-i-mz.122-8.T5.bin)+ tacacs + dial-up scri..., lubeg, 13:52 , 15-Янв-04, (2)