Dual authentication does not work

Document ID : KB000097931
Last Modified Date : 24/05/2018
Show Technical Document Details
Question:
Hello, we are using CA PAM 3.1.1, installed on a machine with a LDAP connection to MS AD for importing users and groups.

We activated the LDAP+RADIUS authentication as described in

https://docops.ca.com/ca-privileged-access-manager/2-8-3/EN/implementing/configure-your-server/authenticate-users-locally-or-remotely/ldap+radius-in-combination

but now the user is able to chose between Local, LDAP or Radius methods. 

LDAP+Radius seems not to work even if we have configured  sAMAccountName=<user_id_in_Radius>. We are able to authenticate with LDAP, or with Radius, but not with both

What can be the problem ?
Environment:
CA PAM 3.1.1, but applicable to other versions
Answer:
Whenever a unique user attribute is configured to LDAP and this coincides with a Radius userid, only LDAP+Radius should be available for authentication. If this is otherwise it may mean that the users and groups were imported after LDAP was configured but before Radius was set up.

To solve the problem, delete the imported users and groups and reimport them