Hi, During a rebuild of our Radius servers from an old freeradius 1.x install to 2.1.10, we've lost ability to push multiple usergroups to our Cisco LNS: MySQL: radcheck: id UserName Attribute op Value 9791 t...@realm Password := {clear}somepass
radgroupreply: id GroupName Attribute op Value 161 VRF-TEST Cisco-AVPair += ip:vrf-id=TEST 162 VRF-TEST Cisco-AVPair += ip:ip-unnumbered=loopback25 2211 QOS-PROFILE Cisco-AVPair += ip:sub-qos-policy-out=TEST-QOS-PROFILE radreply: id UserName Attribute op Value 124561 t...@realm Framed-IP-Netmask = 255.255.255.255 124571 t...@realm Framed-IP-Address = 1.1.1.1 usergroup: UserName GroupName priority t...@realm VRF-TEST 1 t...@realm QOS-PROFILE 2 debugging Radius on the Cisco shows (amongst other things): RADIUS: Vendor, Cisco [26] 21 RADIUS: Cisco AVpair [1] 15 "ip:vrf-id=TEST" RADIUS: Vendor, Cisco [26] 35 RADIUS: Cisco AVpair [1] 29 "ip:ip-unnumbered=loopback25" If you set QOS-PROFILE to priority 0 for example, it will then only pick up the QOS-PROFILE usergroup, not both. Setting both usergroups to same priority yeilds the same results; only applying the first, never both. To rule out the Cisco i've performed a tcpdump on Radius itself; I can only see freeradius sending one usergroup in the Access-Accept response. This is also a fresh freeradius install via FreeBSD ports; no configuration was carried over from the previous install except for MySQL DB credentials. Thoughts? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html