-.TH USERS 5 "08 September 2001" "" "FreeRADIUS user authorization file"
+.\" # DS - begin display
+.de DS
+.RS
+.nf
+.sp
+..
+.\" # DE - end display
+.de DE
+.fi
+.RE
+.sp
+..
+.TH USERS 5 "04 Jan 2004" "" "FreeRADIUS user authorization file"
.SH NAME
users \- user authorization file for the FreeRADIUS server
.SH DESCRIPTION
-The \fBusers\fP file resides in the RADIUS database directory, by
-default \fB/etc/raddb\fP. It contains a series of configuration
-directives which are used by the \fIfiles\fP module to decide how to
-authorize and authenticate each user request.
+The \fBusers\fP files reside in the files module configuration directory,
+by default \fB/etc/raddb/mods-config/files/\fP. It contains a series
+of configuration directives which are used by the \fIfiles\fP
+module to decide how to authorize and authenticate each user request.
Every line starting with a hash sign
.RB (' # ')
with a tab, and a (possibly empty) list of reply items. Each item in
the check or reply item list is an attribute of the form \fBname =
value\fP. Multiple items may be placed on one line, in which case
-they must be seperated by commas. The reply items may be specified
+they must be separated by commas. The reply items may be specified
over multiple lines, in which case each line must end with a comma,
and the last line of the reply items must not end with a comma.
rejected.
.SH CAVEATS
-The special username \fBDEFAULT\fP matches any usernames.
+The special keyword \fBDEFAULT\fP matches any usernames.
The entries are processed in order, from the top of the \fBusers\fP file,
on down. If an entry contains the special item \fBFall-Through =
Not allowed as a reply item.
.TP 0.5i
-.B "Attribute =~ Expression"
-As a check item, it matches if the request contains an attribute which
-matches the given regular expression. This operator may only be
-applied to string attributes.
-.br
-Not allowed as a reply item.
-
-.TP 0.5i
-.B "Attribute !~ Expression"
-As a check item, it matches if the request contains an attribute which
-does not match the given regular expression. This operator may only be
-applied to string attributes.
-.br
-Not allowed as a reply item.
-
-.TP 0.5i
.B "Attribute =* Value"
As a check item, it matches if the request contains the named
attribute, no matter what the value is.
.SH EXAMPLES
.DS
-bob Auth-Type := Local, User-Password == "bob"
+bob Cleartext-Password := "hello"
.DE
.RS
Requests containing the User-Name attribute, with value "bob", will be
-authenticated using the local password "bob". There are no reply
-items, so the reply will be empty.
-.RE
-
-.DS
-DEFAULT Auth-Type := System
-.br
- Fall-Through = Yes
-
-.DE
-.RS
-For all users reaching this entry, perform authentication against the
-system. Also, process any following entries which may match.
+authenticated using the "known good" password "hello". There are no
+reply items, so the reply will be empty.
.RE
.DS
-DEFAULT Service-Type==Framed-User, Framed-Protocol==PPP
+DEFAULT Service-Type == Framed-User, Framed-Protocol == PPP
.br
Service-Type = Framed-User,
.br
entries that set reply attributes.
.SH FILES
-/etc/raddb/users
+/etc/raddb/mods-config/files/
.SH "SEE ALSO"
.BR radclient (1),
.BR radiusd (8),
.BR dictionary (5),
-.BR naslist (5)
.SH AUTHOR
The FreeRADIUS team.