No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Knowledge Base

ME60 Fails to Test the Correct Account Because the test-aaa Command Cannot Include Information About User Attributes

Publication Date:  2019-07-17  |   Views:  178  |   Downloads:  0  |   Author:  SU1001798183  |   Document ID:  EKB0000320145


Issue Description

The ME60 is newly deployed at a site. When the RADIUS authentication account is tested, the test-aaa command is used. After the command is entered, it prompts "User name or password is wrong!" Test the account on the PC, and find that it is correct and the authentication succeeds.          

Alarm Information



Handling Process

1. Check the user account and password, and they are correct.

2. Use the debugging radius packet command. A denied message is returned from RADIUS "Reply-Message (18) has no roaming authority. Check the authentication request message sent from the ME60 to RADIUS, there is no Domain-name (26-138). This is because you can enter only the user account and password in the test-aaa command. When RADIUS checks the account, it does not find the domain. That is, RADIUS does not detect Domain-name (26-138) in the authentication request message and the authentication fails. When the PC connects the ME60 through dialing, there is Domain-name (26-138) in the authentication request message. The authentication succeeds. 


Root Cause

1. The account or the password is incorrect.

2. The test-aaa command does not include some attributes of the user account and is denied by RADIUS. 



The ME60 and MA5200G provide the test-aaa command. The command is used to test whether a certain user can pass the authentication of the RADIUS server. Note that the test-aaa command can be used to send only the user account and password to RADIUS, and NAS-Identifier (32). It cannot be used to send the domain to which the user belongs and the interface.