On Tue, 2016-03-29 at 02:05 +0800, Yick Xie wrote: > Well, there are still some options for us, as documented in Cisco's > manual[1] and a related guide[2]. It seems that the solution for > group policies varies from different > providers[3](Cisco/Juniper/Huawei/etc..) just like dictionaries built > in raddb. From my perspective the attribute Class (rfc2865#section > -5.25) could be a safe choice and compatible with Cisco's > standard[1](Table C-8). If needed one day, it could be scaled up > flexibly to more complicated extend as vendor specified. [...] > Under /etc/ocserv/config-per-group/, I created files named > 10,3130,31:30, and no one matched. Anything else shall be configed? Did you update the dictionary to contain class? Most likely the logic for multiple groups must be added. I'll send you a preliminary patch to check. regards, Nikos
