Configuring the users File
The users file, located at /etc/raddb/users, is the home of all authentication security information for each user configured to access the system. Each user has an individual stanza, or entry. The file has a standard format for each stanza:
The first field is the username for each user, up to 253 characters.
On the same line, the next criteria are a list of required authentication attributes such as protocol type, password, and port number.
Following the first line, each user has a set of defined characteristics that allow FreeRADIUS to provision a service best for that user. These characteristics are indented under the first line and separated into one characteristic per line. For example, you might find a Login-Host entry, a dial-back configuration, or perhaps PPP configuration information.
The users file also comes with a default username of—you guessed it—DEFAULT, which is generally the catchall configuration. That is to say, if there is no explicit match for a particular user, or perhaps the attribute information for a user is incomplete, radiusd will configure the session based on the information in the DEFAULT entry.
FreeRADIUS processes this file in the order in which the entries are
listed. When information received from the RADIUS client equipment
matches an entry in the users file, FreeRADIUS
stops processing and sets the service up based on that
users file entry. However, you can alter this
behavior by setting the Fall-Through
attribute to yes ...
Get RADIUS now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.