2 files changed, 30 insertions, 1 deletions

diff --git a/debian/control b/debian/control
index d0ba72bcf..2c8ee3d43 100644
--- a/debian/control
+++ b/debian/control
@@ -129,7 +129,8 @@ Depends:
   wide-dhcpv6-client,
   wireguard-tools,
   wireless-regdb,
-  wpasupplicant (>= 0.6.7)
+  wpasupplicant (>= 0.6.7),
+  ndppd
 Description: VyOS configuration scripts and data
  VyOS configuration scripts, interface definitions, and everything
 
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index 92948de12..5fadddc86 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -20,6 +20,34 @@ if ! grep -q '^minion' /etc/passwd; then
     adduser --quiet minion users
 fi
 
+# OpenVPN should get its own user
+if ! grep -q '^openvpn' /etc/passwd; then
+    adduser --quiet --firstuid 100 --system --group --shell /usr/sbin/nologin openvpn
+fi
+
+# Add RADIUS operator user for RADIUS authenticated users to map to
+if ! grep -q '^radius_user' /etc/passwd; then
+    adduser --quiet --firstuid 1001 --disabled-login --ingroup users --gecos "radius user" --shell /bin/vbash radius_user
+    adduser --quiet radius_user frrvty
+    adduser --quiet radius_user vyattaop
+    adduser --quiet radius_user operator
+    adduser --quiet radius_user adm
+    adduser --quiet radius_user dip
+    adduser --quiet radius_user users
+fi
+
+# Add RADIUS admin user for RADIUS authenticated users to map to
+if ! grep -q '^radius_priv_user' /etc/passwd; then
+    adduser --quiet --firstuid 1001 --disabled-login --ingroup vyattacfg --gecos "radius privileged user" --shell /bin/vbash radius_priv_user
+    adduser --quiet radius_priv_user frrvty
+    adduser --quiet radius_priv_user vyattacfg
+    adduser --quiet radius_priv_user sudo
+    adduser --quiet radius_priv_user adm
+    adduser --quiet radius_priv_user dip
+    adduser --quiet radius_priv_user disk
+    adduser --quiet radius_priv_user users
+fi
+
 # add hostsd group for vyos-hostsd
 if ! grep -q '^hostsd' /etc/group; then
     addgroup --quiet --system hostsd