Thank you phill, that's great help, but it still doesn't work as it should. Now I don't know how should I adjust the users file : ) I used if ((NAS-IP-Address == 1.1.1.1) && "%{mschap:NT-Domain}" = "vipdomainuser")) { update control { Auth-Type := ntlm_auth_vip } update reply { Cisco-AVPair += "ipsec:addr-pool=vip_vpn_pool" } }
And in the user file is: DEFAULT Auth-Type := ntlm_auth_vpn_osw Service-Type = Framed-User, Framed-Protocol = PPP, With this it's working as it should , however if request comes from the different NT-Domain then "vipdomainuser" it's blocked ( according the ntlm_auth_vip ), and it doesn't go to another DEFAULT rule where everybody can pass. I trid also Fall-through parameter, it didn't work as well, I'm sorry that I'm bothering again ( Alan tried to explain me many times ), but I was using MS IAS many years, and my concepts come from this system Thank you - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html