I had a test client (Ubuntu 22.04) set up, and I was running tcpdump on the server (also Ubuntu, running Freeradius 3.0). I had created a username & password on the Radius server, and if I tried to log into the client with those credentials, it failed. But as soon as I created a "cut out" on the client (same username, but '*' password in the shadow file), I could log in because the server was no longer rejecting the authorization request. I don't get it. How would the server know if there was a local user or not? Nothing in the messages seem to be different, other than the things you'd expect (the message id, and the random seed that the password gets hashed with). All other parts of the message were identical. How was the client conveying to the server that there wasn't a local account present? Thanks
