<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:12pt"><div>I am using this command on the FR server in order to dicsconect the user on the NAS. The thing is that the NAS is using the same shared secret for Authentication/Accounting/PoD/CoA and as you can see these messages are accepted and NAS also replyed back with Disconect-ACK. </div><div>Is there another place where to configure the secret for PoD in FreeRadius?</div><div> </div><div><div><div><div><font face="comic sans ms">Martin Ion</font></div><br><div><font face="Comic Sans MS"></font> </div></div></div></div><div><br></div><div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; "><div style="font-size: 12pt; font-family: 'times new roman', 'new york', times, serif; "><font size="2" face="Arial"><hr size="1"><b><span style="font-weight:bold;">From:</span></b> Alan DeKok
<aland@deployingradius.com><br><b><span style="font-weight: bold;">To:</span></b> Martin <martynion@yahoo.com>; FreeRadius users mailing list <freeradius-users@lists.freeradius.org><br><b><span style="font-weight: bold;">Sent:</span></b> Wednesday, September 7, 2011 4:45 PM<br><b><span style="font-weight: bold;">Subject:</span></b> Re: rad_verify: Received Disconnect-ACK packet from home server with invalid signature! (Shared secret is incorrect.) for CoA, and PoD<br></font><br>Martin wrote:<br>> This is the debug output of radclient command:<br>> <br>> echo "User-Name='{am=1}<a ymailto="mailto:543B4DAC6723E8BB0156BA2BBDE133DB@alvarion.ro" href="mailto:543B4DAC6723E8BB0156BA2BBDE133DB@alvarion.ro">543B4DAC6723E8BB0156BA2BBDE133DB@alvarion.ro</a>',<br>> WiMAX-AAA-Session-Id =<br>> 18ed983f3c2371c6f4bc692e0c89dffe,Calling-Station-Id = 00-17-c4-3d-41-ea"<br>> | /usr/local/freeradius2.10/bin/radclient -c '1' -n '3'
-r '3' -t '3' -s<br>> -xx '192.168.60.122:3799' 'disconnect' 'secret' 2>&1<br><br> You really don't need '' around everything.<br><br>> Sending Disconnect-Request of id 117 to 192.168.60.122 port 3799<br>> User-Name = "{am=1}<a ymailto="mailto:543B4DAC6723E8BB0156BA2BBDE133DB@alvarion.ro" href="mailto:543B4DAC6723E8BB0156BA2BBDE133DB@alvarion.ro">543B4DAC6723E8BB0156BA2BBDE133DB@alvarion.ro</a>"<br>> WiMAX-AAA-Session-Id =<br>> 0x3138656439383366336332333731633666346263363932653063383964666665<br>> Calling-Station-Id = "00-17-c4-3d-41-ea"<br>> rad_recv: Disconnect-ACK packet from host 192.168.60.122 port 3799,<br>> id=117, length=20<br>> rad_verify: Received Disconnect-ACK packet from home server<br>> 192.168.60.122 port 3799 with invalid signature! (Shared secret is<br>> incorrect.)<br><br> So use the *correct*
shared secret.<br><br>> In radius log there is nothing related to this<br><br> It doesn't show the server receiving a Disconnect-Request?<br><br> It doesn't show the shared secret for the client IP address? You<br>can't use that shared secret in the "radclient" command above?<br><br> Alan DeKok.<br><br><br></div></div></div></body></html>