Hello Peter and Alan, Thank you for your reply. I've given the documentation of Peter a look but I'm not that familiar with LDAP or how its underpinnings work in OS X Server.
When the Cisco router now authenticates against the FreeRADIUS server all works fine except for the fact that the group name is not returned with the webvpn:vpn-user-group attribute. What is unclear to me is how I instruct FreeRADIUS to include that attribute when it returns the authorization message. I have made the following addition to my clients file: client 192.168.13.1/32 { secret = xxx shortname = vpn nastype = cisco } I have added a policy to the Cisco router to pick up the attribute but it doesn't seem to get through. Can you suggest what to try next? Thanks, Sander - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html