2007-01-22
phillyTD
Client Auth and Radius Class Attribute

I have been searching these forums for any information on proper configuration of Radius and the Class attribute to lock users into certain rules. We had it working a while back where the class attribute matched the group name of the rule, so users logging in would see "authenticated by Radius using nn rules". We use RSA's Steel-Belted Radius to do this. Since an upgrade to a patched version of RSA, I now see users connect and authenticate with all of our rules. It doesn't matter even if the class attribute has no matching ruleset on SmartDashboard.

I don't see anywhere in the logs where the class attribute is being seen. I also wonder why it is defaulting to all of the rules and not just denying all if they don't get a match. I know the class attribute is working; we have another VPN service that uses this and locks users into groups.

We need to lock users into the rules they need, and with thousands of existing users, we cannot duplicate the user database on SmartDashboard, so we want to depend on the generic* profile. I'm puzzled as to why it worked, then stopped working.