Hi, I am able to do authentication and authorization of the users that are in Active Directory after FreeRadius and Active Directory integration. I am now testing in real test environment with Enterasys product (Switch) in which Policy manager is already configured to assign different roles to different users. Depending upon the Filter-ID attribute value returned by FreeRadius, Enterasys switch decides what role can be assigned to the user. In my understanding I know there is the way to achieve this goal if we have Ldap-Group so that we can use as: DEFAULT Ldap-Group == "Staff" Filter-ID := "Enterasys:version=1:policy=staff", Fall-Through = No But, How to do same like this for the users in Active Directory; How to return the Filter-ID attribute value if there is no group configured in Active Directory; there is just users listings who can be authenticated and authorized using the passwords provided. The main point is: I don't have any Group configured as Ldap-Group for staff or admin or for different types of users in Active Directory. I would really appreciate if someone can give me the idea on this. Thanks,