1. Check the user account and password, and they are correct.
2. Use the debugging radius packet command. A denied message is returned from RADIUS "Reply-Message (18) has no roaming authority. Check the authentication request message sent from the ME60 to RADIUS, there is no Domain-name (26-138). This is because you can enter only the user account and password in the test-aaa command. When RADIUS checks the account, it does not find the domain. That is, RADIUS does not detect Domain-name (26-138) in the authentication request message and the authentication fails. When the PC connects the ME60 through dialing, there is Domain-name (26-138) in the authentication request message. The authentication succeeds.
1. The account or the password is incorrect.
2. The test-aaa command does not include some attributes of the user account and is denied by RADIUS.
The ME60 and MA5200G provide the test-aaa command. The command is used to test whether a certain user can pass the authentication of the RADIUS server. Note that the test-aaa command can be used to send only the user account and password to RADIUS, and NAS-Identifier (32). It cannot be used to send the domain to which the user belongs and the interface.