I currently have two auth types (NTLM_AUTH and PAM) in my default site configuration (using FreeRadius version 2.1.12) - although I would like to achieve the following:

If the user authenticates against to radius server and fails NTLM_AUTH, the request will then be authenticated against PAM and if it still fails it will be rejected.

Now I presume this could be done via the "users" file?

I have read the documentation for the users file on the wiki without much luck.