Jevos, Peter wrote: > Thank you Alan , it makes sense. But it doesn't solve my problem
(1) Edit your responses. It shows consideration for other people (2) pick one problem at a time. Changing "the problem" midway in a conversation makes it look like you don't care about the solution to the first problem. > In my cisco configuration there is a group: > crypto isakmp client configuration group vipgroup > key xxxx > dns 1.1.11.10 1.1.11.11 > wins 1.1.11.12 1.1.11.13 > pool vpn-vipgroup > > How could i ensure that this group with this parameters will be > accesible only for the users from the domain vipdomainusers ( e.g. > ntlm_auth_vipusers authentication) ? Go back and read my messages again. Is there anything in the RADIUS packet which will distinguish the different groups? If not, you're out of luck. > The other groups configured on the same router will be accessible for > any domain users ( but i cannot name hundreds domains in the freeradius > config ) > > point is that cisco radius doesn't send a group name ( vipgroup ) in the > request to the radius server Go ask Cisco to fix their equipment. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html