On Jun 22, 2015, at 2:10 PM, Daniel Bray <dbray925@gmail.com> wrote:
I can take care of that with either Spacewalk, or other scripted methods. I was mainly looking for a centralized user "database", focusing on AAA.
People typically use LDAP for Linux logins. It's a better fit.
Is there any sort of common "trick" to deny users by default?
No. Unknown users are denied. Known users are authenticated. There's no trick. If you want known users to be rejected, you have to tell the server when to do that. There is no default configuration of "do everything I want"
Or, am I just looking at this wrong....which I'm beginning to think I am. If the user does not need access, but needs to be created in the Freeradius database, then I should probably either 1.) reevaluate the real reason they "need" to be created or 2.) explicitly deny/disable that user, leaving all the other admins alone with default access.
Pretty much.
And just to be clear. I should configure all of that with the /etc/raddb/sites-enabled/default file right after the authorize -> sql section. Meaning, I should place all my sql if/else statements in that section. Right?
Yes. Alan DeKok.