ERROR! Our request for peap was NAK'd with a request for peap

Phil Mayers p.mayers at imperial.ac.uk
Thu Dec 9 20:41:37 CET 2010


On 12/09/2010 06:25 PM, Rob Yamry wrote:
> I have a HP JetDirect 690n print server that Im trying to authenticate
> via FreeRadius 2.1.8 for wireless clients to use.  If I tell the 690 to
> use peap then I get the error "ERROR! Our request for peap was NAK'd
> with a request for peap".  If I tell it to use eap-tls I get the error
> "ERROR! Our request for tls was NAK'd with a request for tls".

That's pretty weird. In the debug you send, it gets part-way through the 
PEAP setup, then does a NAK. That is fairly broken.

This is a wild guess, but maybe the printer doesn't have (or doesn't 
trust) your CA certificate, so it's terminating the PEAP (and presumably 
the TLS too) with a NAK. It *should* send an SSL alert over the PEAP 
link before doing that IMHO


> have a user setup in the users file, but it still tries to search ldap

So don't configure LDAP.

> for that user.  I can login fine with the local "ktest" user via radtest
> or ntradping.  Debug log from a peap request is here:

radtest does not do eap. Google for "eapol_test" for a CLI way to test 
the EAP setup.



More information about the Freeradius-Users mailing list