Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
Cyber Angels

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Glossary
MoreInfo
Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
FAQ
Copyright Info
Terms of Use
Privacy Info
Disclaimer
WorkBoard
Thanks
Donations
Advertising
Masthead / Impressum
Your Account

Communication
Feedback
Forums
Private Messages
Surveys

Features
HOWTOs
News Archive
Submit News
Topics
User Articles
Web Links

Google
Google


The Web
linux-tutorial.info

Who's Online
There are currently, 184 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here

  

users



DESCRIPTION

       The  users  file resides in the RADIUS database directory,
       by default /etc/raddb.  It contains a series of configura­
       tion  directives  which  are  used  by the files module to
       decide  how  to  authorize  and  authenticate  each   user
       request.

       Every  line  starting with a hash sign ('#') is treated as
       comment and ignored.

       Each entry of the file begins with a username, followed by
       a  (possibly  empty) list of check items, all on one line.
       The next line begins with a tab, and  a  (possibly  empty)
       list of reply items.  Each item in the check or reply item
       list is an attribute of the form name =  value.   Multiple
       items  may  be placed on one line, in which case they must
       be seperated by commas.  The reply items may be  specified
       over multiple lines, in which case each line must end with
       a comma, and the last line of the reply items must not end
       with a comma.

       The check items are a list of attributes used to match the
       incoming request.  If the username matches, AND all of the
       check  items  match  the  incoming request, then the reply
       items are added to the list of attributes  which  will  be
       used  in  the  reply  to  that  request.   This process is
       repeated for all of the entries in the users file.

       If the incoming request matches NO entry, then the request
       is rejected.


CAVEATS

       The special username DEFAULT matches any usernames.

       The  entries  are  processed in order, from the top of the
       users file, on down.  If an  entry  contains  the  special
       item Fall-Through = No as a reply attribute, then the pro­
       cessing of  the  file  stops,  and  no  more  entries  are
       matched.   Any  reply  item  list without any Fall-Through
       attribute is treated as though it included a  Fall-Through
       = No attribute.

       If  an  entry contains the special item Fall-Through = Yes
       as a reply attribute, then the processing proceeds to  the
       next entry in order.

       Care  should be taken when using Fall-Through.  The server
       should be tested in debugging mode with a number  of  test
       requests,  in  order to verify that the configured entries
       behave as expected.


       Attribute = Value
            Not allowed as  a  check  item  for  RADIUS  protocol
            attributes.   It  is allowed for server configuration
            attributes (Auth-Type, etc), and sets the value of on
            attribute, only if there is no other item of the same
            attribute.
            As a reply item, it means "add the item to the  reply
            list,  but only if there is no other item of the same
            attribute."

       Attribute := Value
            Always matches as a check item, and replaces  in  the
            configuration  items  any attribute of the same name.
            If no attribute of that name appears in the  request,
            then this attribute is added.
            As a reply item, it has an identical meaning, but for
            the reply items, instead of the request items.

       Attribute == Value
            As a check item, it matches if the named attribute is
            present in the request, AND has the given value.
            Not allowed as a reply item.

       Attribute += Value
            Always  matches as a check item, and adds the current
            attribute with value to  the  list  of  configuration
            items.
            As a reply item, it has an identical meaning, but the
            attribute is added to the reply items.

       Attribute != Value
            As a check item, matches if the given attribute is in
            the request, AND does not have the given value.
            Not allowed as a reply item.

       Attribute > Value
            As  a  check item, it matches if the request contains
            an attribute with a value greater than the one given.
            Not allowed as a reply item.

       Attribute >= Value
            As  a  check item, it matches if the request contains
            an attribute with a value greater than, or  equal  to
            the one given.
            Not allowed as a reply item.

       Attribute =~ Expression
            As a check item, it matches if the  request  contains
            an  attribute which matches the given regular expres­
            sion.  This operator may only be  applied  to  string
            attributes.
            Not allowed as a reply item.

       Attribute !~ Expression
            As  a  check item, it matches if the request contains
            an attribute which does not match the  given  regular
            expression.   This  operator  may  only be applied to
            string attributes.
            Not allowed as a reply item.

       Attribute =* Value
            As a check item, it matches if the  request  contains
            the named attribute, no matter what the value is.
            Not allowed as a reply item.

       Attribute !* Value
            As  a  check item, it matches if the request does not
            contain the named attribute, no matter what the value
            is.
            Not allowed as a reply item.


EXAMPLES

       bob  Auth-Type := Local, User-Password == "bob"

              Requests  containing  the User-Name attribute, with
              value "bob", will be authenticated using the  local
              password  "bob".   There are no reply items, so the
              reply will be empty.

       DEFAULT   Auth-Type := System
            Fall-Through = Yes

              For all users reaching this entry, perform  authen­
              tication  against  the  system.   Also, process any
              following entries which may match.

       DEFAULT Service-Type==Framed-User, Framed-Protocol==PPP
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Fall-Through = Yes

              If the request packet contains the attributes  Ser­
              vice-Type  and Framed-Protocol, with the given val­

       which entries were matched for that request,  so  you  can
       verify  your expectations.  This should be the FIRST thing
       you do if you suspect problems with the file.

       Care should be taken when writing entries  for  the  users
       file.   It  is  easy  to  misconfigure  the server so that
       requests are accepted when you wish to reject  them.   The
       entries  should  be  ordered,  and  the  Fall-Through item
       should be used ONLY where it is required.

       Entries rejecting certain requests should go at the top of
       the file, and should not have a Fall-Through item in their
       reply items.  Entries for specific users, who do not  have
       a  Fall-Through  item,  should  come  next.   Any  DEFAULT
       entries should usually come last, except  as  fall-through
       entries that set reply attributes.


FILES

       /etc/raddb/users


SEE ALSO

       radclient(1), radiusd(8), dictionary(5), naslist(5)


AUTHOR

       The FreeRADIUS team.

                        08 September 2001                USERS(5)
  




Login
Nickname

Password

Security Code
Security Code
Type Security Code


Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!


Amazon Wish List

Did You Know?
You can choose larger fonts by selecting a different themes.


Friends



Tell a Friend About Us

Bookmark and Share



Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.09 Seconds