AW: Windows 7 answers LAN based EAP-TLS with EAP-NAK and PEAP

PENZ Robert ROBERT.PENZ at TIROL.GV.AT
Tue Aug 7 13:22:27 CEST 2012


> > The problem now is that in 1/3 of the clients boots (done over 40 times
> > with a tap devices running as sniffer) the Windows Client sends an
> > 
> > response: Legacy Nak (Response only) [RFC3748] with the wish for PEAP.
> > After this the freeradius Server sends a reject ([eap] NAK asked for
> > unsupported type PEAP).

>   Either configure PEAP, or fix the client to stop asking for PEAP.

trying ... ;-)


> > In the 2/3 of the cases it works the Client does not send a NAK, so I
> > believe it is a client problem but it’s Windows 7 … there must be
> > thousands of installs with Windows 7 and 802.1x EAP/TLS.

>   It's definitely a client problem.

Yeah, we'll open a case. I seems to be a problem if the configuration is done via GPOs, but not sure.

>   My suggestion is to do a re-install on the client.  Other Windows 7
> machines don't behave this way.

does not help. We can reproduce the problem on multiple machines.




More information about the Freeradius-Users mailing list