Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/protocols_bgp.py4
-rwxr-xr-xsrc/conf_mode/system-login.py16
-rwxr-xr-xsrc/conf_mode/vpn_openconnect.py2
-rw-r--r--src/pam-configs/radius12
4 files changed, 17 insertions, 17 deletions
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index a8c8ff2a2..aca1dbe46 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -161,7 +161,7 @@ def verify(bgp):
# Check if neighbor has both ipv4 unicast and ipv4 labeled unicast configured at the same time.
if 'ipv4_unicast' in peer_config['address_family'] and 'ipv4_labeled_unicast' in peer_config['address_family']:
raise ConfigError(f'Neighbor "{peer}" cannot have both ipv4-unicast and ipv4-labeled-unicast configured at the same time!')
-
+
# Check if neighbor has both ipv6 unicast and ipv6 labeled unicast configured at the same time.
if 'ipv6_unicast' in peer_config['address_family'] and 'ipv6_labeled_unicast' in peer_config['address_family']:
raise ConfigError(f'Neighbor "{peer}" cannot have both ipv6-unicast and ipv6-labeled-unicast configured at the same time!')
@@ -214,7 +214,7 @@ def verify(bgp):
if dict_search(f'parameters.distance.global.{key}', bgp) == None:
raise ConfigError('Missing mandatory configuration option for '\
f'global administrative distance {key}!')
-
+
# Throw an error if the address family specific administrative distance parameters aren't all filled out.
if dict_search('address_family', bgp) == None:
pass
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index c8b81d80a..da0fc2a25 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -209,27 +209,27 @@ def apply(login):
for user, user_config in login['user'].items():
# make new user using vyatta shell and make home directory (-m),
# default group of 100 (users)
- command = 'useradd -m -N'
+ command = 'useradd --create-home --no-user-group'
# check if user already exists:
if user in get_local_users():
# update existing account
command = 'usermod'
# all accounts use /bin/vbash
- command += ' -s /bin/vbash'
+ command += ' --shell /bin/vbash'
# we need to use '' quotes when passing formatted data to the shell
# else it will not work as some data parts are lost in translation
tmp = dict_search('authentication.encrypted_password', user_config)
- if tmp: command += f" -p '{tmp}'"
+ if tmp: command += f" --password '{tmp}'"
tmp = dict_search('full_name', user_config)
- if tmp: command += f" -c '{tmp}'"
+ if tmp: command += f" --comment '{tmp}'"
tmp = dict_search('home_directory', user_config)
- if tmp: command += f" -d '{tmp}'"
- else: command += f" -d '/home/{user}'"
+ if tmp: command += f" --home '{tmp}'"
+ else: command += f" --home '/home/{user}'"
- command += f' -G frrvty,vyattacfg,sudo,adm,dip,disk {user}'
+ command += f' --groups frrvty,vyattacfg,sudo,adm,dip,disk {user}'
try:
cmd(command)
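Review bot: The values spliced into `command` (`encrypted_password`, `full_name`, `home_directory` and `user`) are only wrapped in literal single quotes, so a value that itself contains a `'` ends the quoting and the remainder is interpreted by the shell that the in-code comment says this string is passed to. Switching to long options does not change that; quoting each value with `shlex.quote`, e.g. `if tmp: command += f" --comment {shlex.quote(tmp)}"` (with `shlex` imported at file level), would close it. The comment above `useradd` still refers to `(-m)` and to a default group of 100, which no longer matches the spelled-out `--create-home --no-user-group` and should be updated alongside. apply() begins and continues outside this hunk, so whether these values are validated earlier cannot be seen here.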
@@ -254,7 +254,7 @@ def apply(login):
call(f'pkill -HUP -u {user}')
# Remove user account but leave home directory to be safe
- call(f'userdel -r {user}', stderr=DEVNULL)
+ call(f'userdel --remove {user}', stderr=DEVNULL)
except Exception as e:
raise ConfigError(f'Deleting user "{user}" raised exception: {e}')
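Review bot: The comment says the home directory is left in place, but `userdel --remove` deletes the user's home directory and mail spool; the long option now makes that contradiction plain. Either the comment should read `# Remove user account together with its home directory`, or the flag should be dropped if keeping the data is the intent. `{user}` is also interpolated unquoted into both the `pkill` and the `userdel` command lines; whether the name is validated upstream is not visible in this hunk.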
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index b2aa13c0d..2986c3458 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -73,7 +73,7 @@ def verify(ocserv):
# Check ssl
if "ssl" in ocserv:
- req_cert = ['ca_cert_file', 'cert_file', 'key_file']
+ req_cert = ['cert_file', 'key_file']
for cert in req_cert:
if not cert in ocserv["ssl"]:
raise ConfigError('openconnect ssl {0} required'.format(cert.replace('_', '-')))
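Review bot: With `ca_cert_file` dropped from `req_cert`, nothing in the visible part of verify() records when a CA certificate is still needed, and any consumer of `ocserv["ssl"]["ca_cert_file"]` outside this hunk (a config template, or certificate-based client authentication if it exists) now has to cope with the key being absent. A short comment such as `# ca_cert_file is optional; only the server certificate and key are mandatory` would record the intent, and any mode that verifies client certificates should re-require the CA at that point. As a style point, `if not cert in ocserv["ssl"]` reads better as `if cert not in ocserv["ssl"]`. verify() starts and continues outside the hunk.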
diff --git a/src/pam-configs/radius b/src/pam-configs/radius
index 0e2c71e38..aaae6aeb0 100644
--- a/src/pam-configs/radius
+++ b/src/pam-configs/radius
@@ -3,18 +3,18 @@ Default: yes
Priority: 257
Auth-Type: Primary
Auth:
- [default=ignore success=1] pam_succeed_if.so uid eq 1001 quiet
- [default=ignore success=ignore] pam_succeed_if.so uid eq 1002 quiet
+ [default=ignore success=1] pam_succeed_if.so uid eq 1000 quiet
+ [default=ignore success=ignore] pam_succeed_if.so uid eq 1001 quiet
[authinfo_unavail=ignore success=end default=ignore] pam_radius_auth.so
Account-Type: Primary
Account:
- [default=ignore success=1] pam_succeed_if.so uid eq 1001 quiet
- [default=ignore success=ignore] pam_succeed_if.so uid eq 1002 quiet
+ [default=ignore success=1] pam_succeed_if.so uid eq 1000 quiet
+ [default=ignore success=ignore] pam_succeed_if.so uid eq 1001 quiet
[authinfo_unavail=ignore success=end perm_denied=bad default=ignore] pam_radius_auth.so
Session-Type: Additional
Session:
- [default=ignore success=1] pam_succeed_if.so uid eq 1001 quiet
- [default=ignore success=ignore] pam_succeed_if.so uid eq 1002 quiet
+ [default=ignore success=1] pam_succeed_if.so uid eq 1000 quiet
+ [default=ignore success=ignore] pam_succeed_if.so uid eq 1001 quiet
[authinfo_unavail=ignore success=ok default=ignore] pam_radius_auth.so
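Review bot: All three stacks (Auth, Account, Session) key on the literal UIDs 1000 and 1001, and nothing on the page says which accounts those are. That this commit had to shift both numbers shows how easily the check drifts from the accounts it is meant to match. If the numbering moves again, a different account silently receives the special-cased handling, so the mapping should be documented next to the profile or in the commit message, and where possible matched by name or group rather than UID; `pam_succeed_if.so` also accepts `user` and `user ingroup` conditions. It is also worth confirming the jump targets: as written both outcomes of the second test are `ignore`, so from these lines alone every path appears to reach `pam_radius_auth.so`.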