I have configured my vpn concentrator to use M$ ias so users can authenticate using Acitve Directory. User with the software client are able to connect using active directory. web vpn users are unable to login using active directory but can login using the internal database. Cisco documentation says to do this for radius for webvpn
Assigning WebVPN Users to Groups
Using a RADIUS server to authenticate users, assign users to groups by following these steps:
--------------------------------------------------------------------------------
Step 1 Authenticate the user with RADIUS and use the Class attribute to assign that user to a particular group.
Step 2 Set the class attribute to the group name in the format OU=group_name
For example, to set a WebVPN user to the SSL_VPN group, set the Radius Class Attribute to a value of OU=SSL_VPN; (Don't omit the semicolon.)
I don't see where to configure this option on my vpn 30000 concentrator. I am thinking this an option for Cisco ACS server.