On Wed, 2010-06-09 at 15:16 +0200, Bjørn Mork wrote:
f0rud <fzerorubigd@gmail.com> writes:
So Mikrotik accept this (and then I can say shared secret is OK),
Sure? Did you try deliberately using a wrong secret to verify that the NAS validates the request?
Yes, with wrong secret , NAS add my request to bad request(I check this at Winbox/Radius/Incoming ) and the result is : Sending Disconnect-Request of id 179 to 192.168.0.6 port 1700 Acct-Session-Id = "81500000" User-Name = "f0rud" radclient: no response from server for ID 179 socket 3 if the secret is wrong there is no answer at all.
but radclient report this as failed. how its possible? in this case server is NAS and accept the request , why client return it as failed?
Because the Ack can't be validated. Either because the NAS sends an invalid Ack or because radclient does something wrong when verifying it. Given the amount of testing each of those probably have had when it comes to CoA, I would suspect the NAS...
There is 4 Number : Requests : All requests (with correct secret) Bad Requests : Requests with wrong secret Acks : Accepted request Naks : Rejected request in this case, Acks means the request that the router accept and disconnect user.