The users File
FreeRADIUS makes several changes to the way the original RADIUS server treated users unknown to the users file. In the past, if a user wasn’t configured in the users file, the server would look in the Unix password file, and then deny him access if he didn’t have an account on the machine. Only one default entry was permitted. In contrast, FreeRADIUS allows multiple default entries and can “fall through” each of them to find an optimal match. The entries are processed in the order they appear in the users file, and once a match is found, the server stops processing the file. The Fall-Through = Yes attribute can be set to instruct the server to keep processing, even upon a match. The new FreeRADIUS users file can also accept spaces in the username attributes, either by escaping the space with a backslash (\) or by putting the entire username inside quotation marks. Additionally, FreeRADIUS will not strip out spaces in usernames received from PortMaster equipment.
Since we won’t add any users to the users file for our testing purposes, FreeRADIUS will fall back to accounts configured locally on the Unix machine. However, if you want to add a user to the users file to test that functionality, a sample /etc/raddb/users file looks like this:
steve   Auth-Type := Local, User-Password == "testing"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.16.3.33,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = ...
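The processing order described above, modeled in Python as an added example that is not from the book or from FreeRADIUS itself. The sample entries, the function names parse_users and resolve, and the simplification that check items are not evaluated (only the username or DEFAULT decides a match) are assumptions of this example.

```python
import shlex

# Constructed sample (not from the page). Every check item uses ":=", which
# assigns rather than compares, so only the username decides a match here.
SAMPLE = r'''
"john smith"  Auth-Type := Local
        Service-Type = Framed-User,
        Fall-Through = Yes

jane\ doe     Auth-Type := Local
        Service-Type = Login-User

DEFAULT       Auth-Type := System
        Framed-Protocol = PPP,
        Fall-Through = Yes

DEFAULT       Auth-Type := System
        Framed-MTU = 1500
'''

def parse_users(text):
    """Return [(username, {reply attribute: value})] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":   # indented line: reply item of the current entry
            attr, _, value = line.strip().rstrip(",").partition("=")
            entries[-1][1][attr.strip()] = value.strip()
        else:                  # shlex undoes the quoting or "\ " escaping
            entries.append((shlex.split(line)[0], {}))
    return entries

def resolve(entries, username):
    """Walk the entries top to bottom; return (matched indexes, merged reply)."""
    matched, reply = [], {}
    for index, (name, items) in enumerate(entries):
        if name not in (username, "DEFAULT"):
            continue
        matched.append(index)
        for attr, value in items.items():
            if attr != "Fall-Through":
                reply.setdefault(attr, value)   # "=" keeps an earlier value
        if items.get("Fall-Through", "no").lower() != "yes":
            break                               # first match ends the search
    return matched, reply

if __name__ == "__main__":
    for user in ("john smith", "jane doe", "bob"):
        print(user, resolve(parse_users(SAMPLE), user))
```

Here "jane doe" stops at her own entry and never receives the DEFAULT reply items, while "john smith" falls through to both DEFAULT entries; this ordering effect is the thing to check when reviewing a users file.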