Greetings, In working to get my new radius server working I have run into a snag. I need to authenticate using a SQL database or system password file depending on where the request comes from, however the user may exist in both, with different passwords. How do I tell it to use the MySQL username/password pairs 'only' when it comes from a specific NAS? I have tried specifing the "Auth-Type := LOCAL" in my SQL reply tables, I have tried Autz-Type... I just don't seem to be able to get it working right. Debug output from last try is below. Currently I am not specifying a Auth-Type, but setting it to CHAP, PAP, or LOCAL doesn't work. Suggestions, pointers to documentation I may have missed, etc are gladly welcomed. ---begin DEBUG--- rad_recv: Access-Request packet from host 192.168.1.64 port 32780, id=20, length=59 User-Name = "azander" User-Password = "test321" NAS-IP-Address = 127.0.0.2 NAS-Port = 8 +- entering group authorize ++[preprocess] returns ok rlm_realm: No '@' in User-Name = "azander", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[chap] returns noop ++[mschap] returns noop ++[unix] returns updated WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{User-Name}} -> azander ++[files] returns noop expand: %{Stripped-User-Name} -> expand: %{User-Name} -> azander expand: %{%{Stripped-User-Name}:-%{User-Name}} -> azander rlm_sql (sql): sql_set_user escaped user --> 'azander' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'azander' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'azander' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'azander' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'azander' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'azander' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'azander' ORDER BY priority expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'staff' ORDER BY id rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'staff' ORDER BY id rlm_sql (sql): User found in group staff expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'staff' ORDER BY id rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'staff' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "test321" rlm_pap: Using CRYPT encryption. rlm_pap: Passwords don't match ++[pap] returns reject auth: Failed to validate the user. Login incorrect (rlm_pap: CRYPT password check failed): [azander/test321] (from client flyer port 8) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> azander attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds