2008 R2 NPS server set group and class or filter-id attribute

class and filter-ID is applying for identify the user group in "access-accept" of RADIUS packets, and then NAS will base on this attribute to identify the user role.

In general, freeradius can create account + class attribute for grouping users
But NPS can't bind user account and group at the same time.
The followings guide how to build relationship to account and class attribute.

1.create group at active directory

2.bind user into group

3.create network policy + configure class attribute, like teacher or student

4.configure class attribute, remove service type and frame protocol first

Once user authenticated successfully, the account will earn a user role for group the users. Like teacher and student and then managed them by firewall policy.