..::Restrict local users::..

Fajar A. Nugraha list at fajar.net
Fri Jun 24 07:49:35 CEST 2011


2011/6/24 Alfonso Alejandro Reyes Jiménez <conesh at gmail.com>:
> Hi Everyone.
>
> we would like to know if there's a way to reject access to the local users,
> that's because we discover that if you have a system account you may login
> on the radius server.
>

IIRC that's the default setup on most system.

> I have the teory that if we use the rlm_passwd module we can reject the
> access to the "local group", I search on the man rlm_passwd file and it has
> examples of the configuration. The only thing that I don't understand is how
> radius know which file to check.

Why don't you just remove/mark out all lines with "passwd", "unix",
and "pam" on sites-available/default? One of those three is
responsible for allowing access to system users on your server.

-- 
Fajar




More information about the Freeradius-Users mailing list