I have a set of high school users on campus who do not get local user accounts, but still need wireless access. I'm trying to avoid setting up a new SSID for them, but I'm not sure if I can work around eduroam.
My local users match on the service with @trentu.ca, and their usernames are stripped to match the samaccountname. If I assign these students arbitrary guest account usernames (user-cpg@trentu.ca), they will work, but I then have to manually deal with getting their credentials to their real address.
My eduroam visitors match on the next service which just checks for the @ sign. These all get proxied up the eduroam chain.
So what I thought might work is putting a new service between the two that would match the @, but authenticate against the guest user database and not strip the username. But of course any eduroam visitors will fall into that service and then fail authentication.
So to make a long question short, is there any way to set up a service that will continue to the next service if user is not found?