freeradius and Cisco VPN IPSEC profiles authentication

Alan DeKok aland at
Fri Nov 12 17:35:37 CET 2010

Jevos, Peter wrote:
> Thank you phill, that's great help, but it still doesn't work as it
> should.
> Now I don't know how should I adjust the users file : )

  You don't.  The messages on this list should make it *very* clear that
 updating the "authorize" section is all that is necessary.

> With this it's working as it should , however if request comes from the
> different NT-Domain then "vipdomainuser" it's blocked ( according the
> ntlm_auth_vip ), and it doesn't go to another DEFAULT rule where
> everybody can pass.

  So.... *think* a little bit.  You wrote two rules in an earlier email.
 One was translated for you into "unlang".  It should be relatively easy
to translate the *second* one into "unlang".

  As a hint, if you don't implement a rule for a different NT-Domain,
then the rules for that different NT-Domain won't be applied.  Because
they don't exist.

  Alan DeKok.

More information about the Freeradius-Users mailing list