SSH-Login libpam-radius-auth

Marius.Meisner marius.meisner at
Sat Jan 29 15:23:29 CET 2011

Hi Alan,

thx for your response - I've fixed it now. There where two things to do,
one pam issue and one radius issue.

For the libpam-radius-auth its necessary to add a user on the local
system, so that there is an entry for each user to authenticate by
radius over pam.
The second thing was, that then the passwords were used from the passwd
instead of the entries in database or user-file. A change in the
sites-enabled/default was needed to fix that. The order in the authorize
{...} - part must be changed from




because the first match wins and gets the password out of its entries,
without looking for the other ones.

So everything works fine until the next project ;-)



Am 28.01.2011 09:38, schrieb Alan DeKok:
> Marius.Meisner wrote:
>> If I try to authenticate from ssh I receive this message:
>> rad_recv: Access-Request packet from host port 3666, id=208,
>> length=88
>>         User-Name = "lisa"
>>         User-Password = "\010\n\r\177INCORRECT"
>   The password is being changed by the PAM libraries on the machine.  Go
> fix that.
>   This is a PAM issue, and is not a RADIUS issue.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list