Hi, I'm using EAP-TTLS-PAP aginst LDAP, however I want to provide guest access to users without adding these users to the LDAP directory. I know I could add them as local users to the /etc/raddb/users file, but that would involve a SIGHUP, and I'd prefer to avoid that if I could. Instead, what I'd like to do is create a user account on the radius server itself (with nologin, and an expiry, no rights, etc..). This could be done "on-the-fly" and therefore require no such SIGHUP. Now I know Alan does not recommend DEFAULT Auth-Type, but for here, I think it might be necessary. So in my users file, I added the following: DEFAULT Auth-Type := System Fall-Through = Yes Thinking that would allow my users who have accounts on the server to login. However, that is not working because in the logs in debug mode I see: Debug: modcall: group authorize returns ok for request 0 Debug: rad_check_password: Found Auth-Type System Debug: auth: type "System" Debug: ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. Debug: auth: Failed to validate the user. I'm sure it's something small I'm missing, but can't find it. That or this is not possible and I'm missing the reason why for that too! Any advice is appreciated. Thanks Matt mda@unb.ca