1 files changed, 34 insertions, 0 deletions

diff --git a/nss_mapuser.conf b/nss_mapuser.conf
new file mode 100644
index 0000000..cf9ad71
--- /dev/null
+++ b/nss_mapuser.conf
@@ -0,0 +1,34 @@
+# This file is part of the libnss-mapuser package.
+# It should be world readable.  It does not contain any security
+# sensitive information.
+#
+# Edit /etc/nsswitch.conf to add mapuser and mapuid to the passwd lookup,
+# similar to the example below.
+# mapuid must be the be prior to compat, since uid lookups would
+# otherwise always match via compat, and mapuser must be last, since
+# it always matches anything.
+#    passwd: mapuid compat mapuser
+
+# if set, errors and other issues are logged with syslog
+# debug=1
+
+# min_uid is the minimum uid to lookup.  Setting this to 0
+# means uid 0 (root) is never looked up, good for robustness and performance
+# Cumulus Linux ships with it set to 1001, so we never lookup system
+# users, or the standard "cumulus" account.  You may want to change this
+# to the value of the radius_user account.
+min_uid=1001
+
+# This is a comma separated list of usernames that are never mapped
+# because they are standard accounts.  They cause an early not found
+# return.
+#
+# "*" is not a wild card.  While it's not a legal username, it turns out
+# that during pathname completion, bash can do an NSS lookup on "*"
+# To avoid server round trip delays, or worse, unreachable server delays
+# on filename completion, we include "*" in the exclusion list.
+exclude_users=root,cumulus,man,ntp,sshd,frr,snmp,nobody,*
+
+# Map all usernames to the radius_user account (use the uid, gid, shell, and
+# base of the home directory from the cumulus entry in /etc/passwd).
+mapped_user=radius_user