On Wed, 2010-06-09 at 15:16 +0200, Bjørn Mork wrote:
> f0rud <[email protected]> writes:
>
> > So Mikrotik accept this (and then I can say shared secret is OK),
>
> Sure? Did you try deliberately using a wrong secret to verify that the
> NAS validates the request?
>
Yes, with wrong secret , NAS add my request to bad request(I check this
at Winbox/Radius/Incoming ) and the result is :
Sending Disconnect-Request of id 179 to 192.168.0.6 port 1700
Acct-Session-Id = "81500000"
User-Name = "f0rud"
radclient: no response from server for ID 179 socket 3
if the secret is wrong there is no answer at all.
> > but
> > radclient report this as failed. how its possible? in this case server
> > is NAS and accept the request , why client return it as failed?
>
> Because the Ack can't be validated. Either because the NAS sends an
> invalid Ack or because radclient does something wrong when verifying it.
> Given the amount of testing each of those probably have had when it
> comes to CoA, I would suspect the NAS...
>
There is 4 Number :
Requests : All requests (with correct secret)
Bad Requests : Requests with wrong secret
Acks : Accepted request
Naks : Rejected request
in this case, Acks means the request that the router accept and
disconnect user.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
