ERROR! Our request for peap was NAK'd with a request for peap
Phil Mayers
p.mayers at imperial.ac.uk
Thu Dec 9 20:41:37 CET 2010
On 12/09/2010 06:25 PM, Rob Yamry wrote:
> I have a HP JetDirect 690n print server that Im trying to authenticate
> via FreeRadius 2.1.8 for wireless clients to use. If I tell the 690 to
> use peap then I get the error "ERROR! Our request for peap was NAK'd
> with a request for peap". If I tell it to use eap-tls I get the error
> "ERROR! Our request for tls was NAK'd with a request for tls".
That's pretty weird. In the debug you send, it gets part-way through the
PEAP setup, then does a NAK. That is fairly broken.
This is a wild guess, but maybe the printer doesn't have (or doesn't
trust) your CA certificate, so it's terminating the PEAP (and presumably
the TLS too) with a NAK. It *should* send an SSL alert over the PEAP
link before doing that IMHO
> have a user setup in the users file, but it still tries to search ldap
So don't configure LDAP.
> for that user. I can login fine with the local "ktest" user via radtest
> or ntradping. Debug log from a peap request is here:
radtest does not do eap. Google for "eapol_test" for a CLI way to test
the EAP setup.
More information about the Freeradius-Users
mailing list