Cisco 3640 + TACACS - problem with giving ip to remote user

Status
Not open for further replies.

SP2

IS-IT--Management
Jun 16, 2003
2
RU
Hi, people!
I have a Cisco 3640 and TACACS+ (free Cisco daemon).
My Cisco doesn't want to set up an IP address for the remote user, although it was specified in the tacacs cfg. I've tried a lot with authorization and authentication, but it still works incorrectly. What's wrong?

Cisco's cfg:

aaa new-model
aaa authentication ppp auth-list1 group tacacs+ local
aaa authorization network atz-list1 group tacacs+
aaa accounting network list1 start-stop group tacacs+
...
interface Async103
 ip unnumbered Ethernet0/0.5
 encapsulation ppp
 no ip mroute-cache
 dialer in-band
 async mode dedicated
 peer default ip address 172.16.152.103
 ppp callback accept
 ppp authentication chap auth-list1
 ppp authorization atz-list1
 ppp accounting list1

Tacacs' cfg:
user = test {
    login = cleartext test
    chap = cleartext "test"
    service = ppp protocol = ip {
        addr=172.16.152.150
    }
}
 
Remove peer default ip address 172.16.152.103 by entering no peer default ip address.
 
If I delete the default IP address by entering "no default ip address", the Cisco uses the remote user's working IP address (it was the IP address of "eth0" on my computer) and the result is the same - the router ignores the IP which TACACS sends. :(
 
If you have "obtain IP address automatically" on your modem it should work. Capture a debug ppp negotiation log from the NAS as this should show where it is failing.
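
Added example, not part of the thread: a small Python check that reads a captured debug ppp negotiation log and reports whether the peer address the NAS finally ACKed in IPCP is the one configured in tacacs. The log lines are constructed in the usual shape of IOS IPCP debug output, and the function names (ipcp_events, diagnose) are hypothetical.

```python
import re

# Packet header "<if> IPCP: I|O <code> ..."; option line "<if> IPCP:    Address a.b.c.d (0x...)".
HDR = re.compile(r"(\S+) IPCP: ([IO]) (CONF\w+)")
OPT = re.compile(r"(\S+) IPCP:\s+Address (\d+\.\d+\.\d+\.\d+)")

def ipcp_events(log, ifname):
    """Return [(direction, code, address)] for IPCP packets on one interface."""
    events, current = [], None
    for line in log.splitlines():
        hdr, opt = HDR.search(line), OPT.search(line)
        if hdr:
            # A header for another interface must not capture our option lines.
            current = hdr.groups()[1:] if hdr.group(1) == ifname else None
        elif opt and opt.group(1) == ifname and current:
            events.append((*current, opt.group(2)))
            current = None
    return events

def diagnose(log, ifname, expected):
    """Compare the peer address the NAS finally ACKed with the AAA-assigned one."""
    events = ipcp_events(log, ifname)
    naked = [a for d, c, a in events if (d, c) == ("O", "CONFNAK")]
    acked = [a for d, c, a in events if (d, c) == ("O", "CONFACK")]
    if not acked:
        return ("incomplete", None)
    if acked[-1] == expected:
        return ("ok", acked[-1])
    # No NAK at all means the NAS accepted whatever address the client proposed.
    return ("nas-offered-other" if naked else "nas-accepted-peer-address", acked[-1])

# Constructed sample: client proposes its own address and the NAS ACKs it.
PEER_KEPT_OWN = """\
As103 IPCP: I CONFREQ [REQsent] id 1 len 10
As103 IPCP:    Address 192.168.1.10 (0x0306C0A8010A)
As103 IPCP: O CONFACK [REQsent] id 1 len 10
As103 IPCP:    Address 192.168.1.10 (0x0306C0A8010A)
"""
# Constructed sample: client asks with 0.0.0.0, NAS NAKs with the tacacs addr.
ASSIGNED = """\
As103 IPCP: I CONFREQ [REQsent] id 1 len 10
As103 IPCP:    Address 0.0.0.0 (0x030600000000)
As103 IPCP: O CONFNAK [REQsent] id 1 len 10
As103 IPCP:    Address 172.16.152.150 (0x0306AC109896)
As103 IPCP: I CONFREQ [REQsent] id 2 len 10
As103 IPCP:    Address 172.16.152.150 (0x0306AC109896)
As103 IPCP: O CONFACK [REQsent] id 2 len 10
As103 IPCP:    Address 172.16.152.150 (0x0306AC109896)
"""
```

A result of nas-accepted-peer-address matches the symptom described in the thread, where the router keeps the address the client brought with it; nas-offered-other means the NAS did push an address, but not the one from the tacacs profile.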
 