OpenSSH, Radius, PAM & NOUSER issue

Le Gal Philippe Philippe.LeGal at
Wed Jan 18 01:44:12 EST 2006

Hi !
Sorry to bring back the infamous "NOUSER" in the conversation but I didn't get the workaround on that problem. 
Firstly, I'm using :
- openssh-3.1p1-15 which is the version which comes by default with my Red Hat Linux Advanced Server release 2.1AS.
- I'm using PAM, set up to use radius. Please find below the /etc/pam.d/sshd file :
auth       sufficient     /lib/security/
auth       required     /lib/security/ service=system-auth
auth       required     /lib/security/
account    required     /lib/security/ service=system-auth
password   required     /lib/security/ service=system-auth
session    required     /lib/security/ service=system-auth
session    required     /lib/security/
session    optional     /lib/security/

- I'm using the FreeRadius server. It is up and running in debug mode (see output below)
I'm trying to connect to this server using ssh :
ssh test at machine_of_the_test
The login name I used is : test
passwd : test
- This is my var/log/messages :
Jan 16 19:34:59 machine_of_the_test sshd(pam_unix)[17647]: check pass; user unknown
Jan 16 19:34:59 machine_of_the_test sshd(pam_unix)[17647]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=
- This is the request coming to the radius server. As you can see Username is "NOUSER"
rad_recv: Access-Request packet from host, id=22, length=91
        User-Name = "NOUSER"
        User-Password = "test"
        NAS-IP-Address =
        NAS-Identifier = "sshd"
        NAS-Port = 17274
        NAS-Port-Type = Virtual
        Service-Type = Authenticate-Only
        Calling-Station-Id = ""

How can I solve this ? I want sshd to pass on to PAM the real username if it is not found is /etc/passwd and not the fake username "NOUSER". How do I do that ? 
I have more than 100 servers to administrate. I need an (very) easy way to do it !
Merci for your help !
Philippe Email: Philippe.LeGal at

This e-mail has been scanned for all known viruses by EMEA.

More information about the openssh-unix-dev mailing list