Is the "unix" module uncommented in the authorize section of your configuration? If so, then FreeRADIUS is authenticating the users in the /etc/password file. # # Pull crypt'd passwords from /etc/passwd or /etc/shadow, # using the system API's to get the password. If you want # to read /etc/passwd or /etc/shadow directly, see the # passwd module in radiusd.conf. # # unix Tim -----Original Message----- From: freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freeradius.or g [mailto:freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freer adius.org] On Behalf Of Alfonso Alejandro Reyes Jiménez Sent: Thursday, June 23, 2011 9:30 PM To: FreeRadius users mailing list Subject: ..::Restrict local users::.. Hi Everyone. we would like to know if there's a way to reject access to the local users, that's because we discover that if you have a system account you may login on the radius server. I have the teory that if we use the rlm_passwd module we can reject the access to the "local group", I search on the man rlm_passwd file and it has examples of the configuration. The only thing that I don't understand is how radius know which file to check. I mean if I put a file with our group information, how can I tell radius to check that file? I have the group file on the /etc/ and the smbpasswd example on /etc/raddb/modules/ I've checked all the raddb directory files looking for any option without luck. What am I doing wrong? Any advice will be appreciated. Alfonso. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html