Fajar wrote: > > In FR-2.x you should be able to use > > DEFAULT Client-Shortname == ap-2000-cd6, Auth-type := reject, > Fall-Through = yes
Turns out the guest network is on a separate wireless VLAN, not on separate access points as first thought. Based on the debug output down below, could I do the following in the users file?: DEFAULT User-Password == "letmelook" Airespace-Wlan-Id = 4 Fall-Through = No rad_recv: Access-Request packet from host 172.18.17.152:32769, id=239, length=151 User-Name = "000b6b-b30fe2" Called-Station-Id = "00-1c-b1-06-bb-50:adisNet" Calling-Station-Id = "00-0b-6b-b3-0f-e2" NAS-Port = 1 NAS-IP-Address = 172.18.17.152 NAS-Identifier = "lkywcs02" --> Airespace-Wlan-Id = 4 <-- --> User-Password = "letmelook" <-- Service-Type = Call-Check Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 2 rlm_realm: No '@' in User-Name = "000b6b-b30fe2", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 radius_xlat: '000b6b-b30fe2' rlm_sql (sql): sql_set_user escaped user --> '000b6b-b30fe2' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '000b6b-b30fe2' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '000b6b-b30fe2' ORDER BY id rlm_sql (sql): User 000b6b-b30fe2 not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '000b6b-b30fe2' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '000b6b-b30fe2' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '000b6b-b30fe2' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '000b6b-b30fe2' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns ok for request 2 modcall: leaving group authorize (returns ok) for request 2 rad_check_password: Found Auth-Type System rad_check_password: Found Auth-Type Accept Warning: Found 2 auth-types on request for user '000b6b-b30fe2' rad_check_password: Auth-Type = Accept, accepting the user Login OK: [000b6b-b30fe2] (from client louwcs02 port 1 cli 00-0b-6b-b3-0f-e2) Sending Access-Accept of id 239 to 172.18.17.152 port 32769 Finished request 2 Going to the next request --- Walking the entire request list --- Cleaning up request 0 ID 237 with timestamp 4f26ad48 Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 238 with timestamp 4f26ad4d Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 239 with timestamp 4f26ad4e Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html