Freeradius not always denying invalid users

Chris Moss cmoss28 at
Wed Sep 3 17:42:37 CEST 2008

We are running version 1.1.3. We do have thousands of users in the 
passwd file, could that have something to do with it? Is there a way to 
tell the radius server that if it can't authenticate to deny it. I'm 
wondering if the OS itself is getting overloaded causing this.

Chris Moss

Alan DeKok wrote:
> Chris Moss wrote:
>> Here is an example of a user who is turned off. This shows the invalid
>> shell where it pulls out part of the passwd entry of another user. Note
>> the username in this is all the same user.
>> Wed Sep  3 08:33:34 2008 : Auth: rlm_unix: [username]: invalid password
>   The server just does system calls to get the password from
> /etc/passwd.  If that says the user's password is incorrect, it's
> incorrect.  No amount of poking the server will change that.
>> Wed Sep  3 08:33:48 2008 : Auth: rlm_unix: [username]: invalid shell
>> [*one Oak United Methodist:/home/loumc:/bin/false*
>   The server just does a system call to get the user's shell, and
> validate that against the list of valid shells.  If that says the shell
> is invalid, there's little the server can do.
>   i.e. the server is relying on the OS and libraries to get  information
> from the password file.  "one Oak United.." is obviously not the correct
> user shell.  So I'd say there's something wrong with your local system.
>   *Unless*, of course you're using an old version of the server, and
> have configured it to read /etc/passwd itself.  This isn't recommended
> even in old versions of the server.  So... don't enable caching in the
> "unix" module.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list