Ars Technica

Cisco ASA VPN with RADIUS auth, locking usernames to a specific vpn group-policy

So I found this page, which indicates that the policy attribute 'group-lock' is used to limit a vpn group-policy so that valid users can only login to groups to which the radius server says they ...
Network World

The perfect certificate migration until it wasn’t: How certificates can break RADIUS trusts

RADIUS didn’t fail — certificate trust did, proving one forgotten root CA can bring modern network access to a full stop.