Mikrotik Dissconect

f0rud fzerorubigd at gmail.com
Wed Jun 9 17:23:06 CEST 2010

On Wed, 2010-06-09 at 15:16 +0200, Bjørn Mork wrote:
> f0rud <fzerorubigd at gmail.com> writes:
> > So Mikrotik accept this (and then I can say shared secret is OK),
> Sure?  Did you try deliberately using a wrong secret to verify that the
> NAS validates the request?
Yes, with wrong secret , NAS add my request to bad request(I check this
at Winbox/Radius/Incoming ) and the result is : 

Sending Disconnect-Request of id 179 to port 1700
	Acct-Session-Id = "81500000"
	User-Name = "f0rud"
radclient: no response from server for ID 179 socket 3

if the secret is wrong there is no answer at all.

> > but
> > radclient report this as failed. how its possible? in this case server
> > is NAS and accept the request , why client return it as failed?
> Because the Ack can't be validated.  Either because the NAS sends an
> invalid Ack or because radclient does something wrong when verifying it.
> Given the amount of testing each of those probably have had when it
> comes to CoA, I would suspect the NAS...

There is 4 Number :
Requests : All requests (with correct secret)
Bad Requests : Requests with wrong secret
Acks : Accepted request 
Naks : Rejected request

in this case, Acks means the request that the router accept and
disconnect user.

More information about the Freeradius-Users mailing list