User profile rate limits are applied to specific users by installing a dynamic simple queue targeting that user's IP address. New dynamic queues are installed on log in and uninstalled on log out. They are installed at the top of the list of queues. At the bottom of the list sits a queue at is just tied to the interface, and any user that doesn't match a more specific queue by IP falls through to it. That interface queue takes the parameters from the rate limit on the server profile. It generally applies to users that are bypassed from login in IP bindings and users that are not authenticated yet.
Since you're using RADIUS you just use RADIUS attributes to rate limit users, though.
http://wiki.mikrotik.com/wiki/Manual:RA ... ess-Accept
You can either make user profiles and use the Mikrotik-Group attribute to log users into them, or you can just bypass all that and use the Mikrotik-Rate-Limit attribute to directly tell the router what rate limit to apply to that user's IP address.