Hi , My cisco sends to radius it's ip address, and isakmp-group-id ( or profile name ) Debug from radius -X :
Cisco-AVPair = "isakmp-group-id=CiscoGroup" Acct-Session-Id = "61286" User-Name = "domain\\user" Cisco-AVPair = "connect-progress=No Progress" Acct-Authentic = Local Acct-Status-Type = Start NAS-Port-Type = Virtual NAS-Port = 20 NAS-IP-Address = 10.1.1.1 How should I configure freeradius to accept request for this group (isakmp-group-id=CiscoGroup ) only for users, that are authenticated against Auth-Type := ntlm_auth_vpn_osw ( already used and working ) ? However other groups ( or profiles ) should be authenticated against Auth-Type := vpn_auth_name I tried this settings in the Users file but It doesn't work DEFAULT Auth-Type := ntlm_auth_vpn_osw, NAS-IP-Address == 10.1.1.1, Cisco-AVPair == " CiscoGroup " Service-Type = Framed-User, Framed-Protocol = PPP, DEFAULT Auth-Type := vpn_auth_name Service-Type = Framed-User, Framed-Protocol = PPP, Thanks pet
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html