freeradius and Cisco VPN IPSEC profiles authentication

Jevos, Peter Peter.Jevos at
Thu Nov 4 17:15:36 CET 2010

On 04/11/10 15:52, Jevos, Peter wrote:
> Dear Phil , thank you ,
>   I removed Fall through parameter, it works partially, when user
> from the address and Tunnel-Private-Group-ID is not Group1,
> it takes the Auth-Type := ntlm_auth_vpn ( which is wrong ), and not
> Auth-Type := vpn_auth_name.
> Therefore there must be two conditions, one is NAS-IP-Address, second
> PVT-Group

So, match both fields.

Have you read the docs - specifically "man users"

You want something like:

DEFAULT	Auth-Type := x, Service-Type == a, Tunnel-Private-Group-Id == b
	Reply-Var-1 = ...

Note: ALL the conditions must be on the 1st line
List info/subscribe/unsubscribe? See
Thank fo your reply, hoever as you can see from my previous posts, I did

DEFAULT         Auth-Type := ntlm_auth_vpn, NAS-IP-Address ==,Tunnel-Private-Group-ID == "Group1"
                Tunnel-Type = "ESP",
		    Tunnel-Private-Group-ID = "Group1",

So in the first line is: 
DEFAULT         Auth-Type := ntlm_auth_vpn, NAS-IP-Address ==,Tunnel-Private-Group-ID == "Group1"

More information about the Freeradius-Users mailing list