On Sun, 2014-05-25 at 01:39 +0800, Steve wrote:
> Trying to use select-group and cert auth only in 0.8, AnyConnect iOS
> client seems never prompt group select form, any idea?
>
> The client cert like: Subject: C=US, ST=California, L=San Francisco,
> O=WWW, OU=g1, OU=g2, OU=g3, CN=u1/emailAddress=test at test.com
> conf:
> cert-user-oid = 2.5.4.3
> cert-group-oid = 2.5.4.11

Hmm, ocserv gets the groups from the certificate that is being sent at
the current session, and it seems anyconnect only uses the certificate
initially and not at the time when the group selection should occur.
I'd see whether there can be some hacks to make that work.

regards,
Nikos
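
Which subject fields the two OIDs in the quoted configuration select, as an added Python illustration (not ocserv's code and not part of the original messages). The function names, the exactly-one-user check and the simple one-line subject parser, which assumes values contain no escaped commas, are assumptions of this sketch.

```python
import re

# Attribute short names as printed in the subject line, mapped to their OIDs.
SHORT_NAME_TO_OID = {
    "C": "2.5.4.6", "ST": "2.5.4.8", "L": "2.5.4.7", "O": "2.5.4.10",
    "OU": "2.5.4.11", "CN": "2.5.4.3",
    "emailAddress": "1.2.840.113549.1.9.1",
}

def parse_subject(subject):
    """Split a one-line subject into ordered (oid, value) pairs."""
    pairs = []
    # Separators: "," between attributes, or the legacy "/" before "name=".
    for part in re.split(r",\s*|/(?=[A-Za-z]+=)", subject):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("not an attribute=value pair: %r" % part)
        oid = SHORT_NAME_TO_OID.get(name.strip())
        if oid is None:
            raise ValueError("unknown attribute: %r" % name)
        pairs.append((oid, value.strip()))
    return pairs

def identity_from_subject(subject, user_oid, group_oid):
    """Return (username, groups) selected by the two configured OIDs."""
    pairs = parse_subject(subject)
    users = [v for oid, v in pairs if oid == user_oid]
    groups = [v for oid, v in pairs if oid == group_oid]
    # Assumption of this sketch: a usable certificate names exactly one user.
    if len(users) != 1:
        raise ValueError("expected one user attribute, got %d" % len(users))
    return users[0], groups

# Subject and OIDs as given in the quoted message.
SUBJECT = ("C=US, ST=California, L=San Francisco, O=WWW, "
           "OU=g1, OU=g2, OU=g3, CN=u1/emailAddress=test at test.com")

if __name__ == "__main__":
    user, groups = identity_from_subject(SUBJECT, "2.5.4.3", "2.5.4.11")
    print("user:", user, "groups:", groups)
```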