1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
# This file is part of the libnss-mapuser package.
# It should be world readable. It does not contain any security
# sensitive information.
#
# Edit /etc/nsswitch.conf to add mapuser and mapuid to the passwd lookup,
# similar to the example below.
# mapuid must be the be prior to compat, since uid lookups would
# otherwise always match via compat, and mapuser must be last, since
# it always matches anything.
# passwd: mapuid compat mapuser
# if set, errors and other issues are logged with syslog
# debug=1
# map_min_uid is the minimum uid to lookup. Setting this to 0
# means uid 0 (root) is never looked up, good for robustness and performance
# Cumulus Linux ships with it set to 1001, so we never lookup system
# users, or the standard "cumulus" account. You may want to change this
# to the value of the radius_user account.
#map_min_uid=1001
# This is a comma separated list of usernames that are never mapped
# because they are standard accounts. They cause an early not found
# return.
#
# "*" is not a wild card. While it's not a legal username, it turns out
# that during pathname completion, bash can do an NSS lookup on "*"
# To avoid server round trip delays, or worse, unreachable server delays
# on filename completion, we include "*" in the exclusion list.
# User names starting with "tacacs[0-9]" are also ignored, in case the
# tacplus client packages are installed. User names matching
# the mapped_user and mapped_priv_user configuration fields are also ignored.
exclude_users=root,daemon,nobody,cron,sshd,cumulus,quagga,frr,snmp,www-data,ntp,man,*
# Map all usernames to the radius_user account (use the uid, gid, shell, and
# base of the home directory from the cumulus entry in /etc/passwd).
mapped_user=radius_user
# if you change the account for mapped_priv_user, you must change it in
# /etc/pam_radius_auth.conf as well.
mapped_priv_user=radius_priv_user
|
