Want to use 2 different authentication-methods

[Hans-Peter Fuchs]

I use freeradius 1.0.5

for a special NAS I want to use 2 user databases.

requests from nas-special should first verified per sql
If and only if sql does not verify the user try pam.

In users I have:
##### new 
DEFAULT         NAS-IP-Address == special, Autz-Type := SQL
                Idle-Timeout = 3600,
                Session-Timeout= 7200,
                Fall-Through = yes
#### end new
#### begin old config: works 
DEFAULT         Auth-Type = Pam
                Service-Type = Framed-User,
                Nomadix-Bw-Up = 128,
                Fall-Through = yes
### end old config
### begin new config
#               pam-authentified users from ssg get Ainternet-attribute
DEFAULT         NAS-IP-Address == special
                Service-Type = Framed-User,
                Idle-Timeout = 3600,
                Session-Timeout= 7200,
                Cisco-Account-Info += "KW0",
                Fall-Through = yes
### end new config

But with this users who are verified by sql are also checked against 
pam. Do you have some tips?

Output from radiusd -X:

rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group Autz-Type returns ok for request 0
  rad_check_password:  Found Auth-Type Pam
auth: type "PAM"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
pam_pass: using pamauth string <radius> for pam.conf lookup
pam_pass: function pam_authenticate FAILED for <test>. Reason: Permission denied
  modcall[authenticate]: module "pam" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.


Grüße

Hans-Peter Fuchs


Hans-Peter Fuchs - RZKR, Zimmer 20
Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK
Universität zu Köln - Tel: 0221-470-6972