How to profile client VPN users

Hi.
I need to “profile” VPN users authenticated by a Windows Domain Controller with Radius (or AD integration if possible). Client VPN will be SSTP (but it is not relevant).
The goal is to permit a branch of users to reach a LAN network segment and another branch to reach a different LAN network segment.
I read something about , but I want to use only a Radius server (http://forum.mikrotik.com/t/assign-specific-radius-to-specific-ppp-profile-l2tp/87005/1)

For example: 3 AD users (red, yellow, green), members of 3 different security groups (red_group, yellow_group, green_group).

red_group users must reach only red segment (192.168.100.0/24)
yellow_group users must reach only yellow segment (192.168.150.0/24)
green_group users must reach only green segment (192.168.200.0/24)

I will set some deny rules in IP-Firewall, but first I need to get the user in the right network segment!

How can I achieve this goal?
Thank you.

Solved with “Mikrotik-Group” Radius attribute!

https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client
https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client/reference_dictionary
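
An added example, not part of the original posts: a RouterOS sketch of the three-group setup from the question. For PPP users RouterOS uses the value of Mikrotik-Group as the PPP profile name, so each profile below is named after the value the RADIUS server returns. The VPN pool ranges, the RADIUS server address, the shared secret and the profile and address-list names are assumptions.

```routeros
# RADIUS side (e.g. one NPS network policy per AD security group), assumed mapping:
#   Vendor-Specific attribute, vendor code 14988 (MikroTik),
#   attribute number 3 (Mikrotik-Group), string value:
#     red_group -> red, yellow_group -> yellow, green_group -> green

# One address pool per group (constructed ranges, outside the LAN segments)
/ip pool
add name=pool-red ranges=10.10.100.2-10.10.100.254
add name=pool-yellow ranges=10.10.150.2-10.10.150.254
add name=pool-green ranges=10.10.200.2-10.10.200.254

# Profile names must match the Mikrotik-Group values exactly.
# address-list puts each connected client's address into a firewall list.
/ppp profile
add name=red local-address=10.10.100.1 remote-address=pool-red address-list=vpn-red
add name=yellow local-address=10.10.150.1 remote-address=pool-yellow address-list=vpn-yellow
add name=green local-address=10.10.200.1 remote-address=pool-green address-list=vpn-green

# Send PPP (SSTP included) authentication to the RADIUS server.
# 192.0.2.10 and the secret are placeholders.
/radius
add service=ppp address=192.0.2.10 secret="CHANGE-ME"
/ppp aaa
set use-radius=yes

# Allow each group only to its own segment, drop everything else it forwards.
# Place these above any broader accept rule in the forward chain.
/ip firewall filter
add chain=forward src-address-list=vpn-red dst-address=192.168.100.0/24 action=accept comment="red VPN to red LAN"
add chain=forward src-address-list=vpn-red action=drop comment="red VPN: deny the rest"
add chain=forward src-address-list=vpn-yellow dst-address=192.168.150.0/24 action=accept comment="yellow VPN to yellow LAN"
add chain=forward src-address-list=vpn-yellow action=drop comment="yellow VPN: deny the rest"
add chain=forward src-address-list=vpn-green dst-address=192.168.200.0/24 action=accept comment="green VPN to green LAN"
add chain=forward src-address-list=vpn-green action=drop comment="green VPN: deny the rest"
```

A user whose Access-Accept carries no Mikrotik-Group falls back to the SSTP server's default profile, so that profile should not grant access to any of the three segments.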