Mikrotik Dissconect
f0rud
fzerorubigd at gmail.com
Wed Jun 9 17:23:06 CEST 2010
On Wed, 2010-06-09 at 15:16 +0200, Bjørn Mork wrote:
> f0rud <fzerorubigd at gmail.com> writes:
>
> > So Mikrotik accept this (and then I can say shared secret is OK),
>
> Sure? Did you try deliberately using a wrong secret to verify that the
> NAS validates the request?
>
Yes, with wrong secret , NAS add my request to bad request(I check this
at Winbox/Radius/Incoming ) and the result is :
Sending Disconnect-Request of id 179 to 192.168.0.6 port 1700
Acct-Session-Id = "81500000"
User-Name = "f0rud"
radclient: no response from server for ID 179 socket 3
if the secret is wrong there is no answer at all.
> > but
> > radclient report this as failed. how its possible? in this case server
> > is NAS and accept the request , why client return it as failed?
>
> Because the Ack can't be validated. Either because the NAS sends an
> invalid Ack or because radclient does something wrong when verifying it.
> Given the amount of testing each of those probably have had when it
> comes to CoA, I would suspect the NAS...
>
There is 4 Number :
Requests : All requests (with correct secret)
Bad Requests : Requests with wrong secret
Acks : Accepted request
Naks : Rejected request
in this case, Acks means the request that the router accept and
disconnect user.
More information about the Freeradius-Users
mailing list