When users belong to more than 10 Member groups in AD, VIP Enterprise Gateway sends the first 10 values to the VPN Gateway. This casues the VPN Gateway gateway (I.e., CISCO ASA) to reject the user.
By default, the number of response for getting an attribute value is set to 10.
> Edit the radserv.conf file located in folder <VIPEG Install folder>\Validation\servers\<Validation server name>\conf. > Change the "10" value of “server.max_attribute_in_response=10” to match or exceed the number of groups users are a part of. > Restart the validation server.
Send the validation request. The response should now show more than 10.
Imported Document ID: SO19761
Subscribing will provide email updates when this Article is updated. Login is required.