The ME60 is newly deployed at a site. When the RADIUS authentication account is tested, the test-aaa command is used. After the command is entered, it prompts "User name or password is wrong!" Test the account on the PC, and find that it is correct and the authentication succeeds.
1. Check the user account and password, and they are correct.
2. Use the debugging radius packet command. A denied message is returned from RADIUS "Reply-Message (18) has no roaming authority. Check the authentication request message sent from the ME60 to RADIUS, there is no Domain-name (26-138). This is because you can enter only the user account and password in the test-aaa command. When RADIUS checks the account, it does not find the domain. That is, RADIUS does not detect Domain-name (26-138) in the authentication request message and the authentication fails. When the PC connects the ME60 through dialing, there is Domain-name (26-138) in the authentication request message. The authentication succeeds.
1. The account or the password is incorrect.
2. The test-aaa command does not include some attributes of the user account and is denied by RADIUS.
The ME60 and MA5200G provide the test-aaa command. The command is used to test whether a certain user can pass the authentication of the RADIUS server. Note that the test-aaa command can be used to send only the user account and password to RADIUS, and NAS-Identifier (32). It cannot be used to send the domain to which the user belongs and the interface.