diff --git a/auth-pam.c b/auth-pam.c
index 8323821..b7a750d 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -522,6 +522,12 @@ sshpam_thread(void *ctxtp)
 if (sshpam_err != PAM_SUCCESS)
 goto auth_fail;
+ // set user to root otherwise account/session management
+ // fails in case radius is used to authenticate
+ sshpam_err = pam_set_item(sshpam_handle, PAM_USER, "root");
+ if (sshpam_err != PAM_SUCCESS)
+ goto auth_fail;
+
 if (!do_pam_account()) {
 sshpam_err = PAM_ACCT_EXPIRED;
 goto auth_fail;
@@ -1090,6 +1096,11 @@ do_pam_setcred(int init)
 pam_strerror(sshpam_handle, sshpam_err));
 if (init) {
 debug("PAM: establishing credentials");
+ // credential might not be present in case radius is used
+ // so, set user to root
+ sshpam_err = pam_set_item(sshpam_handle, PAM_USER, "root");
+ if (sshpam_err != PAM_SUCCESS)
+ debug("PAM: could not set user to root");
 sshpam_err = pam_setcred(sshpam_handle, PAM_ESTABLISH_CRED);
 } else {
 debug("PAM: reinitializing credentials");
diff --git a/monitor.c b/monitor.c
index 4cf79df..8875890 100644
--- a/monitor.c
+++ b/monitor.c
@@ -723,6 +723,10 @@
 pwent = getpwnamallow(ssh, authctxt->user);
+ // to allow fall back to radius if local account is not present
+ if (!pwent)
+ pwent = getpwnamallow(ssh, "root");
+
 setproctitle("%s [priv]", pwent ? authctxt->user : "unknown");
 sshbuf_reset(m);
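Review bot: In the `sshpam_thread` hunk of auth-pam.c, overwriting `PAM_USER` with `"root"` before `do_pam_account()` makes the account phase evaluate root instead of the identity that just authenticated, so expiry, lockout or access rules attached to the real user are not consulted. Nothing in the visible lines limits the override to the RADIUS case named in the comment; it runs for every successful PAM authentication. I would keep the authenticated name in `PAM_USER` and, only where the user has no local entry, substitute a dedicated unprivileged account: `sshpam_err = pam_set_item(sshpam_handle, PAM_USER, FALLBACK_USER);` (`FALLBACK_USER` is a placeholder for a configured account name). The function body starts and ends outside the hunk.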
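Review bot: In the `do_pam_setcred` hunk a failing `pam_set_item` is reported only through `debug()` and `sshpam_err` is then overwritten by `pam_setcred`, so credentials are established for whatever `PAM_USER` held before and the failure leaves no trace at normal log levels. The `sshpam_thread` hunk treats the same failure as fatal; here I would at least raise the message to `error("PAM: pam_set_item(PAM_USER): %s", pam_strerror(sshpam_handle, sshpam_err));` and skip the `pam_setcred` call. The function begins and ends outside the hunk, so how the final `sshpam_err` is handled is not visible here.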
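Review bot: In the monitor.c hunk, a NULL from `getpwnamallow()` is replaced by root's passwd entry, so a login under any name without a usable local account would presumably proceed with root's uid, home and shell once authentication succeeds. Judging by its name, `getpwnamallow` may also return NULL for users rejected by the server's allow/deny policy, in which case they would take this path as well; that is worth confirming against its definition. `setproctitle` keeps printing the requested name, so the substitution is invisible in the process list, and the hunk adds no log line for it. I would fall back to a dedicated unprivileged account behind an explicit option and record it, e.g. `logit("no local account for %.100s, using fallback account", authctxt->user);` followed by `pwent = getpwnamallow(ssh, FALLBACK_USER);` (`FALLBACK_USER` is a placeholder name). The enclosing function is outside the hunk.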