freeradius disconnect

Been working on getting disconnects working. following along with the forums and I’ve got as far as the MT responding and giving an error.
I’ve X’ed the IPs out for obvious reasons…

FreeRadius Version: 2.1.8
MikroTik Version: 4.13

Sending from my radius server to the mikrotik rb750

$ echo “Acct-Session-Id = 80a00004, NAS-IP-Address = xxx.xxx.xxx.xxx,User-Name = 78:E4:00:B2:EE:8B,NAS-Port-Id=2157969412,Framed-IP-Address=192.168.88.159” | radclient -x -r 1 xxx.xxx.xxx.xxx:3799 disconnect secret
Sending Disconnect-Request of id 161 to xxx.xxx.xxx.xxx port 3799
Acct-Session-Id = “80a00004”
NAS-IP-Address = xxx.xxx.xxx.xxx
User-Name = “78:E4:00:B2:EE:8B”
NAS-Port-Id = “2157969412”
Framed-IP-Address = 192.168.88.159
radclient: no response from server for ID 161 socket 3


resulting error on the RB750

16:20:12 radius,debug,packet received bad Disconnect-Request with id 161 from xxx.xxx.xxx.xxx:37496
16:20:12 radius,debug,packet Signature = bad 0xcee1d2938210a9e7565c891df3c7b84d
16:20:12 radius,debug,packet Acct-Session-Id = “80a00004”
16:20:12 radius,debug,packet NAS-IP-Address = xxx.xxx.xxx.xxx
16:20:12 radius,debug,packet User-Name = “78:E4:00:B2:EE:8B”
16:20:12 radius,debug,packet NAS-Port-Id = “2157969412”
16:20:12 radius,debug,packet Framed-IP-Address = 192.168.88.159
16:20:12 radius,debug received remote request from xxx.xxx.xxx.xxx:37496 with bad signature, dropping

ok i figured it out. MT is the one that is causing the “shared secret is incorrect.” it’s the ACK packet that is being received by radclient that is popping the error. the MT box is disconnecting the customer just not replying correctly when it does.


$ echo “NAS-IP-Address = XXX.XXX.XXX.XXX,User-Name = XX:XX:XX:XX:XX:XX,Framed-IP-Address = 192.168.88.169” | radclient -r 1 XXX.XXX.XXX.XXX:3799 disconnect password
rad_verify: Received Disconnect-ACK packet from client XXX.XXX.XXX.XXX port 3799 with invalid signature (err=2)! (Shared secret is incorrect.)
radclient: no response from server for ID 199 socket 3
$