LDAP+Radius dual authentication does not work

Document ID : KB000100601
Last Modified Date : 11/06/2018
Show Technical Document Details
Issue:
In a PAM server configured to use Radius and LDAP authentication, this seems not to work. LDAP authentication works, but Radius does not, even if users have been configured in Radius with the same samAccountName attribute as is mapped in PAM between LDAP and Radius. As a result, users defined in LDAP can log in using method LDAP, but not using method Radius and, besides, we would like to have only LDAP+Radius as authentication option.
Environment:
CA PAM 2.X and 3.X
Resolution:
If LDAP+Radius was configured after LDAP users were imported, they will not be taken into consideration. It will be necessary to delete all users having LDAP+Radius authentication and reimport them. Once the users are imported, there will be no separate choices in the login page for Radius and LDAP
Additional Information:
https://docops.ca.com/ca-privileged-access-manager/3-1-1/EN/implementing/configure-your-server/authenticate-users-locally-or-remotely/radius-or-tacacs+