It pretends to implement EAP, but it does not. Disable EAP for the printer.
There isnt an option to disable eap on the printer. The protocols I have the option for on the printer are leap, peap and eap-tls. peap and eap-tls give me the above error. leap just kinda stops (i should probably disable leap anyways). Is there any workaround/update/enhancement to get this working (peap, that is...)?
This is a wild guess, but maybe the printer doesn't have (or doesn't trust) your CA certificate, so it's terminating the PEAP (and presumably the TLS too) with a NAK. It *should* send an SSL alert over the PEAP link before doing that IMHO
I have my CA imported to the printer. I also made the printer a client cert and imported that as well. The only thing I can think of here is that the printer asks for the "server id" which they define as *"The Server ID must match the rightmost portion of the name provided by the authentication server"*. Ive tried multiple names here including the hostname from the certs, radius hostname, NAS IP, just about everything that I can think of and nothing seems to matter. Something I could be missing maybe?
have a user setup in the users file, but it still tries to search ldap
So don't configure LDAP.
I *need* ldap for the rest of my setup. The whole user base besides this printer auth's against ldap. Since this printer is an oddball situation, I created a local user in the users file for it. Regardless, even if I do make an ldap account for it, it still fails with the NAK msg. radtest does not do eap. Google for "eapol_test" for a CLI way to test the
EAP setup.
Eh, I have tested with eapol_test as well using the peap-mschapv2 and ttls-eap-mschapv2 and both work fine for that test user.