VPN and Group Policy

Berndt Sevcik berndt.sevcik at tgm.ac.at
Wed Feb 21 14:03:12 CET 2007

We are using a Cisco ASA Firewall for VPN access (lika a VPN3000).

The RADIUS server should authenticate our users and assign them a  
group policy. Somewhere I read that I have to send the CLASS  
attribute in the RADIUS reply to assign the grou policy to a user.

When I look at the debug output from the firewall I can see that the  
attribut is sent to the firewall. Also the access accept packet is  
received by the firewall.

Radius: Code = 2 (0x02)
Radius: Identifier = 17 (0x11)
Radius: Length = 88 (0x0058)
Radius: Vector: 2B9061A9AA15E08DA2F1FACCFFD012F7
Radius: Type = 25 (0x19) Class
Radius: Length = 16 (0x10)
Radius: Value (String) =
4f 55 3d 49 54 2d 53 65 72 76 69 63 65 3b          |  OU=IT-Service;
rad_procpkt: ACCEPT
remove_req 0xf6d9874 session 0x208 id 17 free_rip 0xf6d9874
radius: send queue empty

Is there an other attribut so send back? Something special to know  
about freeRADIUS config? Has someone a working config ore some tipps  
for me?

Thanks in advance.


  TGM - Die Schule der Technik
  A-1200 Wien, Wexstr. 19-23
  Tel. +43(1)33126/316 Fax: +43(1)33126/154
  E-Mail: berndt.sevcik at tgm.ac.at

More information about the Freeradius-Users mailing list