rad_verify: Received Disconnect-ACK packet from home server with invalid signature! (Shared secret is incorrect.) for CoA, and PoD
Alan DeKok
aland at deployingradius.com
Wed Sep 7 16:40:53 CEST 2011
Martin wrote:
> I am using this command on the FR server in order to dicsconect the user
> on the NAS.
OK... that wasn't clear from the original message.
> The thing is that the NAS is using the same shared secret
> for Authentication/Accounting/PoD/CoA and as you can see these messages
> are accepted and NAS also replyed back with Disconect-ACK.
The Disconnect-Request messages aren't signed. So... the fact that
the NAS replies doesn't mean anything.
> Is there another place where to configure the secret for PoD in FreeRadius?
You're not using the FreeRADIUS server. You're using "radclient".
The secret is passed on the command line.
You have two choices:
1) use the same shared secret that the NAS is using
2) the NAS is broken, and doesn't implement Disconnect-NAK properly.
Alan DeKok.
More information about the Freeradius-Users
mailing list