rad_verify: Received Disconnect-ACK packet from home server with invalid signature! (Shared secret is incorrect.) for CoA, and PoD

Martin martynion at yahoo.com
Wed Sep 7 16:19:39 CEST 2011 

I am using this command on the FR server in order to dicsconect the user on the NAS. The thing is that the NAS is using the same shared secret  for Authentication/Accounting/PoD/CoA and as you can see these messages are accepted and NAS also replyed back with Disconect-ACK. 
Is there another place where to configure the secret for PoD in FreeRadius?
 
Martin Ion

 


________________________________
From: Alan DeKok <aland at deployingradius.com>
To: Martin <martynion at yahoo.com>; FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Wednesday, September 7, 2011 4:45 PM
Subject: Re: rad_verify: Received Disconnect-ACK packet from home server with invalid signature! (Shared secret is incorrect.) for CoA, and PoD

Martin wrote:
> This is the debug output of radclient command:
> 
>  echo "User-Name='{am=1}543B4DAC6723E8BB0156BA2BBDE133DB at alvarion.ro',
> WiMAX-AAA-Session-Id =
> 18ed983f3c2371c6f4bc692e0c89dffe,Calling-Station-Id = 00-17-c4-3d-41-ea"
> | /usr/local/freeradius2.10/bin/radclient -c '1' -n '3' -r '3' -t '3' -s
> -xx '192.168.60.122:3799' 'disconnect' 'secret' 2>&1

  You really don't need '' around everything.

> Sending Disconnect-Request of id 117 to 192.168.60.122 port 3799
>         User-Name = "{am=1}543B4DAC6723E8BB0156BA2BBDE133DB at alvarion.ro"
>         WiMAX-AAA-Session-Id =
> 0x3138656439383366336332333731633666346263363932653063383964666665
>         Calling-Station-Id = "00-17-c4-3d-41-ea"
> rad_recv: Disconnect-ACK packet from host 192.168.60.122 port 3799,
> id=117, length=20
> rad_verify: Received Disconnect-ACK packet from home server
> 192.168.60.122 port 3799 with invalid signature!  (Shared secret is
> incorrect.)

  So use the *correct* shared secret.

> In radius log there is nothing related to this

  It doesn't show the server receiving a Disconnect-Request?

  It doesn't show the shared secret for the client IP address?  You
can't use that shared secret in the "radclient" command above?

  Alan DeKok.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110907/e31a0a5c/attachment.html>

More information about the Freeradius-Users mailing list