Just configure the group on the concetrator as "external". Then on the freeradius create a user with the same name. IMPORTANT: Use the attribute "VPN IPSec-Authentication == 1" if you like to authenticate them through radius.
Here are the other possible values: 0=None 1=Radius 2=Ldap 3=NT Domain 4=SDI 5=Internal (on the vpn concentrator) 7=Kerberos/Activedirectory best rgds -Karel -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von John Sorel Gesendet: Mittwoch, 18. Mai 2005 16:19 An: freeradius-users@lists.freeradius.org Betreff: Cisco VPN3005 group auth I have a Cisco VPN concentrator and am trying to get group authentication working with the FreeRadius server. User authentication works fine but the radius server doesn't seem to care what group the user logs in with. Does anyone have a similar working setup? If I configure the group on the concentrator to be "external" then the radius server is asked to authenticate the group but not the user. If I configure the group on the concentator to be "internal" then the group is authenticated on the concentrator and the user is passed to the radius server but there is no matchup between the group and the user. John Sorel Network Engineer Upromise, Inc. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html