This question appears in various forums time and time again though I've yet to discover a solution for it under linux. It *must* be a common issue....
The need exists to map users who are successfully authenticated via pam_radius_auth and who do not have a local account to a default 'token user'. FreeBSD's radius/pam module has a simple and obvious 'template_user' directive that suits this precise purpose well. Linux pam_radius_auth lacks this feature. Deploying centralized authentication only to require that all other user info be manually configured on each and every device anyway doesn't make any sense. Nor should it involve a full-blown and often unwieldy NIS (or similar) infrastructure to function. Surely I'm overlooking something. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html