freeradius and Cisco VPN IPSEC profiles authentication

Jevos, Peter Peter.Jevos at
Fri Nov 12 17:26:52 CET 2010

Thank you phill, that's great help, but it still doesn't work as it
Now I don't know how should I adjust the users file : )
I used
if ((NAS-IP-Address == && "%{mschap:NT-Domain}" =
"vipdomainuser")) {
		update control {
			Auth-Type := ntlm_auth_vip
		update reply {
			Cisco-AVPair += "ipsec:addr-pool=vip_vpn_pool"

And in the user file is:
DEFAULT          Auth-Type := ntlm_auth_vpn_osw
                 Service-Type = Framed-User,
                 Framed-Protocol = PPP,
With this it's working as it should , however if request comes from the
different NT-Domain then "vipdomainuser" it's blocked ( according the
ntlm_auth_vip ), and it doesn't go to another DEFAULT rule where
everybody can pass.
I trid also Fall-through parameter, it didn't work as well,
I'm sorry that I'm bothering again ( Alan tried to explain me many times
), but I was using MS IAS many years, and my concepts come from this

Thank you 

More information about the Freeradius-Users mailing list