freeradius and Cisco VPN IPSEC profiles authentication

Phil Mayers p.mayers at
Thu Nov 4 17:02:14 CET 2010

On 04/11/10 15:52, Jevos, Peter wrote:
> Dear Phil , thank you ,
>   I removed Fall through parameter, it works partially, when user comes
> from the address and Tunnel-Private-Group-ID is not Group1,
> it takes the Auth-Type := ntlm_auth_vpn ( which is wrong ), and not
> Auth-Type := vpn_auth_name.
> Therefore there must be two conditions, one is NAS-IP-Address, second is
> PVT-Group

So, match both fields.

Have you read the docs - specifically "man users"

You want something like:

DEFAULT	Auth-Type := x, Service-Type == a, Tunnel-Private-Group-Id == b
	Reply-Var-1 = ...

Note: ALL the conditions must be on the 1st line

More information about the Freeradius-Users mailing list