AW: Windows 7 answers LAN based EAP-TLS with EAP-NAK and PEAP

PENZ Robert ROBERT.PENZ at TIROL.GV.AT
Thu Aug 30 16:56:56 CEST 2012


Hi!

We've found the problem und fixed it together with the Microsoft support and here is the link to the Hotfix, if other FreeRadius users have the same problem: http://support.microsoft.com/kb/2481614

Robert


-----Ursprüngliche Nachricht-----
Von: freeradius-users-bounces+robert.penz=tirol.gv.at at lists.freeradius.org [mailto:freeradius-users-bounces+robert.penz=tirol.gv.at at lists.freeradius.org] Im Auftrag von PENZ Robert
Gesendet: Dienstag, 7. August 2012 13:22
An: FreeRadius users mailing list
Betreff: AW: Windows 7 answers LAN based EAP-TLS with EAP-NAK and PEAP

> > The problem now is that in 1/3 of the clients boots (done over 40 times
> > with a tap devices running as sniffer) the Windows Client sends an
> > 
> > response: Legacy Nak (Response only) [RFC3748] with the wish for PEAP.
> > After this the freeradius Server sends a reject ([eap] NAK asked for
> > unsupported type PEAP).

>   Either configure PEAP, or fix the client to stop asking for PEAP.

trying ... ;-)


> > In the 2/3 of the cases it works the Client does not send a NAK, so I
> > believe it is a client problem but it’s Windows 7 … there must be
> > thousands of installs with Windows 7 and 802.1x EAP/TLS.

>   It's definitely a client problem.

Yeah, we'll open a case. I seems to be a problem if the configuration is done via GPOs, but not sure.

>   My suggestion is to do a re-install on the client.  Other Windows 7
> machines don't behave this way.

does not help. We can reproduce the problem on multiple machines.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list