<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tele-GroteskNor;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Tele-GroteskNor;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 151.05pt 2.0cm 151.05pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=DE link=blue vlink=purple>
<div class=Section1>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'>Hi all,<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'>we use the radiator in combination with Cisco VPN
Concentrators several years. In our configuration we need the group-lock
feature to lock users in special VPN Groups. The configuration look likes this:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> AuthByPolicy ContinueWhileIgnore<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> <AuthBy LDAP2><o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> Host hostname<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> BaseDN dc=xxx,dc=xxx,dc=xx<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> Scope sub<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> ServerChecksPassword<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> UsernameAttr sAMAccountname<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> SearchFilter (&(&(%0=%1)(msNPAllowDialin=TRUE))(|(department=test1*)(department=
test 2*)(department= test 3*)(department= test 4*)))<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> AuthAttrDef
extensionAttribute1,Framed-IP-Address, reply<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> AddToReply Class = "testing"<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> Timeout 10<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> Version 3<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> AuthDN cn=xxx,ou=xxx,ou=xxx,ou=xxx,dc=xxx,dc=xxx,dc=xxx<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'> AuthPassword Password<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'>With Concentrators it works fine!<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'>If I use the same replay attribute
“AddToReply” whit a Cisco ASA it seams that the ASA does not
understood that attribute and the authentication failed.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'>Is there anyone with a nice idea?<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'>Kind Regards<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span lang=EN-US
style='font-size:10.0pt'>Harald<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Harald Zwanziger <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>T-Systems Solution for Research GmbH<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Delivery Netze<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Harald Zwanziger<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Netzwerkadministrator<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Linder Höhe, 51147 Köln<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Telefon: +49 (2203) 601-2038<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Telefax: +49 (2203) 601-2104<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>E-Mail: mailto:harald.zwanziger@t-systems.com<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Internet: http://www.t-systems-sfr.com<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>T-Systems Solutions for Research GmbH<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Aufsichtsrat: Dr. Hagen Hultzsch (Vorsitzender)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Geschäftsführung: Jürgen Aumayer (Vorsitzender), Hans Gersing, Dr.
Claus-Axel Müller<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Handelsregister: Amtsgericht München, HRB 12 55 01, Sitz der
Gesellschaft:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>Weßling<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'>USt.-IdNr.: DE 193456493<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face=Tele-GroteskNor><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>