In an nFactor authentication setup, the RADIUS action configured as the second factor is never executed. The nFactor flow is simple and looks like this:
AAA vServer: Domain_Radius_vS
  Login Schema: DualAuth_Schema
  Authn Policy: Domain_LDAP_Pol
    Expression: true
    Action: LDAP_Act
    Next Factor if Success: Radius_Pollable
      Login Schema: LSCHEMA_INT
      Authn Policy: Radius_Pol
        Expression: true
        Action: Radius_Act
The authentication log shows that LDAP authentication succeeds, but it contains no RADIUS authentication attempt at all:
May 9 10:24:29 <local1.info> NS [1310]: (0-47) process_kernel_socket: call to authenticate user :user, vsid :12904, userlen 8
May 9 10:24:29 <local1.info> NS [1310]: (0-47) cascade_auth: starting ldap auth for: user, sizeof(*ar) is 36, userlen 9
May 9 10:24:29 <local1.info> NS [1310]: (0-47) start_ldap_auth: Starting LDAP auth
May 9 10:24:29 <local1.info> NS [1310]: (0-47) start_ldap_auth: attempting to do ldap auth for user @ ldap_ip
...
May 9 10:24:29 <local1.info> NS [1310]: (0-47) receive_ldap_user_bind_event: User authentication (Bind event) for user user succeeded
To correct the configuration, reset LSCHEMA_INT to noschema:
> set authentication loginSchema LSCHEMA_INT -authenticationSchema noschema
Done
The customer had accidentally set LSCHEMA_INT to DualAuth.xml:
set authentication loginSchema LSCHEMA_INT -authenticationSchema "/nsconfig/loginschema/LoginSchema/DualAuth.xml"
In the DualAuth flow, DualAuth.xml is bound to the vServer, so no login schema needs to be bound to the second factor; the default noschema profile LSCHEMA_INT is used there. LSCHEMA_INT represents "no schema" and must never be changed to point at a schema file. The configuration mistake above is what led to this strange behaviour.
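As an added example (not part of the original article or of Citrix's tooling), a small Python check that scans a saved ns.conf for exactly this mistake: LSCHEMA_INT bound to anything other than noschema, plus every policy label that inherits the wrong schema through it. The ns.conf excerpt is constructed, and the `add authentication policylabel <name> -loginSchema <schema>` line form is assumed from standard NetScaler CLI syntax.

```python
import re

# Constructed ns.conf excerpt reproducing the misconfiguration described above.
SAMPLE_NSCONF = """\
add authentication loginSchema DualAuth_Schema -authenticationSchema "/nsconfig/loginschema/LoginSchema/DualAuth.xml"
set authentication loginSchema LSCHEMA_INT -authenticationSchema "/nsconfig/loginschema/LoginSchema/DualAuth.xml"
add authentication policylabel Radius_Pollable -loginSchema LSCHEMA_INT
bind authentication policylabel Radius_Pollable -policyName Radius_Pol -priority 100
"""

# 'add' and 'set' both define the schema file; quotes around the path are optional
# (the built-in value "noschema" is written without quotes).
LOGIN_SCHEMA_RE = re.compile(
    r'^(?:add|set) authentication loginSchema (\S+) -authenticationSchema "?([^"\s]+)"?'
)
# Assumed line form for a factor (policy label) that carries its own login schema.
POLICY_LABEL_RE = re.compile(r'^add authentication policylabel (\S+) -loginSchema (\S+)')


def login_schemas(conf: str) -> dict:
    """Map loginSchema name -> bound schema file, later 'set' lines overriding earlier ones."""
    schemas = {}
    for line in conf.splitlines():
        m = LOGIN_SCHEMA_RE.match(line.strip())
        if m:
            schemas[m.group(1)] = m.group(2)
    return schemas


def find_noschema_misconfig(conf: str) -> list:
    """Return findings if LSCHEMA_INT no longer means 'no schema', naming each
    policy label that would now render a login form instead of running its action."""
    findings = []
    # LSCHEMA_INT is built in; if ns.conf never touches it, it still means noschema.
    bound = login_schemas(conf).get("LSCHEMA_INT", "noschema")
    if bound == "noschema":
        return findings
    findings.append(f"LSCHEMA_INT bound to {bound}; expected noschema")
    for line in conf.splitlines():
        m = POLICY_LABEL_RE.match(line.strip())
        if m and m.group(2) == "LSCHEMA_INT":
            findings.append(f"policylabel {m.group(1)} inherits {bound} via LSCHEMA_INT")
    return findings


if __name__ == "__main__":
    for finding in find_noschema_misconfig(SAMPLE_NSCONF):
        print(finding)
```

Run it against `cat /nsconfig/ns.conf` output from the affected appliance; an empty result means LSCHEMA_INT still carries its built-in noschema value.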