It pretends to implement EAP, but it does not.  Disable EAP for the
    printer.

There isnt an option to disable eap on the printer.  The protocols I have the option for on the printer are leap, peap and eap-tls.  peap and eap-tls give me the above error.  leap just kinda stops (i should probably disable leap anyways).  Is there any workaround/update/enhancement to get this working (peap, that is...)?


This is a wild guess, but maybe the printer doesn't have (or doesn't trust) your CA certificate, so it's terminating the PEAP (and presumably the TLS too) with a NAK. It *should* send an SSL alert over the PEAP link before doing that IMHO

I have my CA imported to the printer. I also made the printer a client cert and imported that as well.  The only thing I can think of here is that the printer asks for the "server id" which they define as "The Server ID must match the rightmost portion of the name provided by the authentication server".  Ive tried multiple names here including the hostname from the certs, radius hostname, NAS IP, just about everything that I can think of and nothing seems to matter.  Something I could be missing maybe?
 
have a user setup in the users file, but it still tries to search ldap

So don't configure LDAP.

I *need* ldap for the rest of my setup.  The whole user base besides this printer auth's against ldap.  Since this printer is an oddball situation, I created a local user in the users file for it.  Regardless, even if I do make an ldap account for it, it still fails with the NAK msg.


radtest does not do eap. Google for "eapol_test" for a CLI way to test the EAP setup.

Eh, I have tested with eapol_test as well using the peap-mschapv2 and ttls-eap-mschapv2 and both work fine for that test user.