Wrong Password or User does not exist

Mahdi Alizadeh malizadeh at ce.sharif.edu
Sun Jan 27 20:22:35 CET 2013

Thanks for reply. I am creating a general component and I have tendency 
to not change radius server configuration (otherwise, all the users 
using my component should set these configurations in their radius 
server). Is it possible that we check whether a user with the entered 
username exist in the radius server or not by sending a query to the 
radius server? I solved this problem in Active Directory by sending ldap 
query to the server. In this solution, if the authentication request is 
rejected, I will send a query to the server and I will check whether 
this user is defined in the active directory or not. If the user exists 
in the active directory, I conclude that password is wrong. Otherwise, 
the entered username is wrong. Is this solution applicable to the Radius 
Server (Radius server supports such query or something like that?) ?

On 1/27/2013 5:42 PM, Alan DeKok wrote:
> malizadeh wrote:
>> I installed a FreeRADIUS and I want to authenticate users by using this
>> server. However, when a request is rejected there is ambiguity:
>> 1. Username exist but password is wrong
>> 2. This username does not exist in the server
>> I need to know which condition is true when an authentication request is
>> evaluated. Any help?
>    You need to write a policy which checks for that, and creates a
> different log message for each situation.
>    This means understanding your configuration.  You need to understand
> what happens when a user doesn't exist.  And what happens when a user
> exists, but has a wrong password.
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html

More information about the Freeradius-Devel mailing list