freeradius and Cisco VPN IPSEC profiles authentication

Jevos, Peter Peter.Jevos at
Fri Nov 12 18:17:20 CET 2010

  As a hint, if you don't implement a rule for a different NT-Domain,
then the rules for that different NT-Domain won't be applied.  Because
they don't exist.

  Alan DeKok.

Thank you Alan, it makes sense. But it doesn't solve my problem.
In my Cisco configuration there is a group:
crypto isakmp client configuration group vipgroup
key xxxx
pool vpn-vipgroup

How could I ensure that this group with these parameters will be accessible only for the users from the domain vipdomainusers (e.g. ntlm_auth_vipusers authentication)?
The other groups configured on the same router will be accessible for any domain users (but I cannot name hundreds of domains in the FreeRADIUS config).

The point is that Cisco RADIUS doesn't send a group name (vipgroup) in the request to the RADIUS server.
OK, I can return Cisco AV pairs (pool, dns...) to the router, but still, if any domain user tries to connect to the group vipgroup, it receives the pool and other parameters.
Thanks, you're great that you can help us.

