On 04/11/10 10:41, Jevos, Peter wrote: > DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252 > Tunnel-Type = "ESP", > Tunnel-Private-Group-ID = "Group1", > Tunnel-Password = "cisco", > Cisco-Avpair="ipsec:dns-servers=10.1.1.6 10.1.1.7", > Cisco-Avpair="ipsec:addr-pool=vpn_pool",
This wrong; you want: Cisco-AVpair += "2nd:attribute" This is documented in the manpage and docs. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thank you, it helped but it still doesn't work as I wished: All I need is: When request comes from 10.1.1.252 and Tunnel-Private-Group-ID = "Group1", use authentication ntlm_auth_vpn, and send back Cisco-av pairs (ipsec values) When request comes from whencesoever and Tunnel-Private-Group-ID is whatever, use authentication vpn_auth_name ,and that's it My current settings is: DEFAULT Auth-Type := ntlm_auth_vpn, NAS-IP-Address == 10.1.1.252 , Tunnel-Private-Group-ID == "Group1" Tunnel-Type = "ESP", Tunnel-Private-Group-ID = "Group1", Tunnel-Password = "cisco", Cisco-Avpair="ipsec:dns-servers=10.1.1.6 10.1.1.7", Cisco-Avpair="ipsec:addr-pool=vpn_pool", Cisco-Avpair="ipsec:inacl=101", Cisco-Avpair="ipsec:key-exchange=ike", Cisco-Avpair="ipsec:key-exchange=preshared-key", Service-Type = Framed-User, Framed-Protocol = PPP, Fall-Through = Yes DEFAULT Auth-Type := vpn_auth_name, Service-Type = Framed-User, Framed-Protocol = PPP, Thanks pet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
