# This file is part of the libnss-mapuser package.
# It should be world readable.  It does not contain any security
# sensitive information.
#
# Edit /etc/nsswitch.conf to add mapuser and mapuid to the passwd lookup,
# similar to the example below.
# mapuid must be the be prior to compat, since uid lookups would
# otherwise always match via compat, and mapuser must be last, since
# it always matches anything.
#    passwd: mapuid compat mapuser

# if set, errors and other issues are logged with syslog
# debug=1

# min_uid is the minimum uid to lookup.  Setting this to 0
# means uid 0 (root) is never looked up, good for robustness and performance
# Cumulus Linux ships with it set to 1001, so we never lookup system
# users, or the standard "cumulus" account.  You may want to change this
# to the value of the radius_user account.
min_uid=1001

# This is a comma separated list of usernames that are never mapped
# because they are standard accounts.  They cause an early not found
# return.
#
# "*" is not a wild card.  While it's not a legal username, it turns out
# that during pathname completion, bash can do an NSS lookup on "*"
# To avoid server round trip delays, or worse, unreachable server delays
# on filename completion, we include "*" in the exclusion list.
exclude_users=root,daemon,cron,cumulus,quagga,frr,man,ntp,radius_user,sshd,snmp,nobody,*

# Map all usernames to the radius_user account (use the uid, gid, shell, and
# base of the home directory from the cumulus entry in /etc/passwd).
mapped_user=radius_user