How to configure Cisco VPN clients against FreeRADIUS

Jevos, Peter Peter.Jevos at
Wed Jul 14 15:58:50 CEST 2010

I installed FreeRADIUS and I'd like to authenticate Cisco VPN
clients against AD.
Clients are authenticated through domainname\username and password, and
they need to be members of the AD group.

I already have AD authentication running, but for access to the
router (priv level 15).

What should I set in the users file?

My current settings are:


user   Auth-Type := ntlm_auth
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"


ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key

Then I added another ntlm authentication for the VPN Cisco clients:

ntlm_auth2 = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --domain=%{mschap:NT-Domain:}
--require-membership-of='SOMEDOMAIN+domain users'"

And I added these lines to the users file:
DEFAULT         Huntgroup-Name == "vpn"
                Auth-Type := ntlm_auth2

Huntgroup file:

vpn             NAS-IP-Address == x.x.x.x , NAS-Port-Type == "Virtual"

But it doesn't work.

When I run the command "ntlm_auth --request-nt-key --username=MYNAME
--require-membership-of='SOMEDOMAIN+domain users'", it works.

Can somebody help me with how the users file should look?

