ACL fails on Windows - works on Linux

stevecliff1 · June 18, 2023, 1:15pm

I am the admin/owner of a TS net and if I use the following ACL then I can ping any IP on the network from my Windows machine

{"action": "accept", "src": ["*"], "dst": ["*:*"]},

However, if I change the ACL to the one below (which in theory should make no difference to me) then I can no longer access any IP

{"action": "accept","src":["autogroup:owner", "autogroup:admin"],"dst":["*:*"]},

If I try from a Linux server to another Linux server the ACL works fine - it’s just from a Windows machine to other IP’s that doesn’t.

Am I misunderstanding something on ACL’s? If so, why does the ACL apply correctly on Linux servers?

NB. 1.42.0 on all boxes

it’s as if the Windows client doesn’t realise I am logged in as the owner …

Thanks!

stevecliff1 · June 19, 2023, 7:49pm

No one come across this issue ? Damn - was hoping it would be a quick fix …

stevecliff1 · June 19, 2023, 9:39pm

And the answer was:

The Windows client I was having issues with was tagged. I’d originally thought that tagging was just a simple way of logically linking stuff together; turns out it’s a lot more than that!

For those interested:
Server role accounts using ACL tags · Tailscale

And a big “shout out” to DentonGentry (Denton Gentry) · GitHub for providing me with the solution - cheers!

Topic		Replies	Views
ACL not working as advertised ACL (Access Control Lists)	4	718	June 30, 2023
Shared Server cannot be reached ACL (Access Control Lists)	11	1452	January 6, 2023
ACL for Tag Owners ACL (Access Control Lists)	3	541	May 11, 2023
Default block still allows ping and ssh ACL (Access Control Lists)	25	3321	November 14, 2022
Remote Management Policy	1	336	December 13, 2022

ACL fails on Windows - works on Linux

Related Topics