As a hint, if you don't implement a rule for a different NT-Domain, then the rules for that different NT-Domain won't be applied. Because they don't exist.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thank you Alan , it makes sense. But it doesn't solve my problem In my cisco configuration there is a group: crypto isakmp client configuration group vipgroup key xxxx dns 1.1.11.10 1.1.11.11 wins 1.1.11.12 1.1.11.13 pool vpn-vipgroup How could i ensure that this group with this parameters will be accesible only for the users from the domain vipdomainusers ( e.g. ntlm_auth_vipusers authentication) ? The other groups configured on the same router will be accessible for any domain users ( but i cannot name hundreds domains in the freeradius config ) point is that cisco radius doesn't send a group name ( vipgroup ) in the request to the radius server Ok, i can return CiscoAv pairs (pool, dns... )to the router, but still if any domain user try to connect to the group vipgroup, it recieves the pool and other parameters thanks, you're great that you can help us pet thanks
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html