ACL fails on Windows - works on Linux

I am the admin/owner of a TS net and if I use the following ACL then I can ping any IP on the network from my Windows machine

{"action": "accept", "src": ["*"], "dst": ["*:*"]},

However, if I change the ACL to the one below (which in theory should make no difference to me) then I can no longer access any IP :frowning:

{"action": "accept","src":["autogroup:owner", "autogroup:admin"],"dst":["*:*"]},

If I try from a Linux server to another Linux server the ACL works fine - it’s just from a Windows machine to other IP’s that doesn’t.

Am I misunderstanding something on ACL’s? If so, why does the ACL apply correctly on Linux servers?

NB. 1.42.0 on all boxes

it’s as if the Windows client doesn’t realise I am logged in as the owner …


No one come across this issue ? Damn - was hoping it would be a quick fix …

And the answer was:

The Windows client I was having issues with was tagged. I’d originally thought that tagging was just a simple way of logically linking stuff together; turns out it’s a lot more than that!

For those interested:
Server role accounts using ACL tags · Tailscale

And a big “shout out” to DentonGentry (Denton Gentry) · GitHub for providing me with the solution - cheers!