I use freeradius 1.0.5 for a special NAS I want to use 2 user databases. requests from nas-special should first verified per sql If and only if sql does not verify the user try pam. In users I have: ##### new DEFAULT NAS-IP-Address == special, Autz-Type := SQL Idle-Timeout = 3600, Session-Timeout= 7200, Fall-Through = yes #### end new #### begin old config: works DEFAULT Auth-Type = Pam Service-Type = Framed-User, Nomadix-Bw-Up = 128, Fall-Through = yes ### end old config ### begin new config # pam-authentified users from ssg get Ainternet-attribute DEFAULT NAS-IP-Address == special Service-Type = Framed-User, Idle-Timeout = 3600, Session-Timeout= 7200, Cisco-Account-Info += "KW0", Fall-Through = yes ### end new config But with this users who are verified by sql are also checked against pam. Do you have some tips? Output from radiusd -X: rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 0 modcall: group Autz-Type returns ok for request 0 rad_check_password: Found Auth-Type Pam auth: type "PAM" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 pam_pass: using pamauth string <radius> for pam.conf lookup pam_pass: function pam_authenticate FAILED for <test>. Reason: Permission denied modcall[authenticate]: module "pam" returns reject for request 0 modcall: group authenticate returns reject for request 0 auth: Failed to validate the user. Grüße Hans-Peter Fuchs Hans-Peter Fuchs - RZKR, Zimmer 20 Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK Universität zu Köln - Tel: 0221-470-6972