2011/6/24 Alfonso Alejandro Reyes Jiménez <conesh@gmail.com>:
Hi Everyone.
we would like to know if there's a way to reject access to the local users, that's because we discover that if you have a system account you may login on the radius server.
IIRC that's the default setup on most system.
I have the teory that if we use the rlm_passwd module we can reject the access to the "local group", I search on the man rlm_passwd file and it has examples of the configuration. The only thing that I don't understand is how radius know which file to check.
Why don't you just remove/mark out all lines with "passwd", "unix", and "pam" on sites-available/default? One of those three is responsible for allowing access to system users on your server. -- Fajar