I'm tring to find the best way to format the rules for our needs. We have users authing over wireless and the controllers are passing radius over to the acs. Currently we identify to ad, ldap, and cisco guest server. If the user name matchs in one of those systems, they are allowed. We'd like to impose that in ad, they need to be cos1 or 2. If I add the compound condition to match that, the guest server auths stop working. How do you write out the condition? Thanks.