Thanks it works now. The problem was a conflict with attributes of an other vendor.
Is there a possibility in freeradius to configure a kind of attribute filter for different clients types. At our special case we would like to return the Class Attribut to our firewall but the attributes Tunnel-Private-Group-Id, Filter-Id and Tunnel-Group to our access points. The problem was that when we send this attributes to the firewall the authentication fails. After deleting them everything works perfect. At the moment the return attributes are saved in the user object in eDirectory. Thanks Berndt Am 21.02.2007 um 14:57 schrieb Deramus, Chris: > Assuming you have your reply table set up properly the following > should > work: > > id UserName Attribute Value op > 1 test.user Class TestGroup == > > I've used this set up for 3 years with both Cisco 3000's and for the > past year with ASA 5000's and it works like a charm. > > -----Original Message----- > From: > [EMAIL PROTECTED] > [mailto:freeradius-users-bounces > [EMAIL PROTECTED] > us.org] On Behalf Of Berndt Sevcik > Sent: Wednesday, February 21, 2007 8:03 AM > To: FreeRadius users mailing list > Subject: VPN and Group Policy > > We are using a Cisco ASA Firewall for VPN access (lika a VPN3000). > > The RADIUS server should authenticate our users and assign them a > group > policy. Somewhere I read that I have to send the CLASS attribute in > the > RADIUS reply to assign the grou policy to a user. > > When I look at the debug output from the firewall I can see that the > attribut is sent to the firewall. Also the access accept packet is > received by the firewall. > > Radius: Code = 2 (0x02) > Radius: Identifier = 17 (0x11) > Radius: Length = 88 (0x0058) > Radius: Vector: 2B9061A9AA15E08DA2F1FACCFFD012F7 > Radius: Type = 25 (0x19) Class > Radius: Length = 16 (0x10) > Radius: Value (String) = > 4f 55 3d 49 54 2d 53 65 72 76 69 63 65 3b | OU=IT-Service; > ,,,,, > rad_procpkt: ACCEPT > RADIUS_ACCESS_ACCEPT: normal termination RADIUS_DELETE remove_req > 0xf6d9874 session 0x208 id 17 free_rip 0xf6d9874 > radius: send queue empty > > Is there an other attribut so send back? Something special to know > about > freeRADIUS config? Has someone a working config ore some tipps for me? > > Thanks in advance. > > Berndt > > ----------------------------------------- > TGM - Die Schule der Technik > IT-Service > A-1200 Wien, Wexstr. 19-23 > Tel. +43(1)33126/316 Fax: +43(1)33126/154 > E-Mail: [EMAIL PROTECTED] > ----------------------------------------- > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ > users.html ----------------------------------------- TGM - Die Schule der Technik IT-Service A-1200 Wien, Wexstr. 19-23 Tel. +43(1)33126/316 Fax: +43(1)33126/154 E-Mail: [EMAIL PROTECTED] ----------------------------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
