ERROR! Our request for peap was NAK'd with a request for peap

Rob Yamry ryamry at
Thu Dec 9 23:00:02 CET 2010

>      It pretends to implement EAP, but it does not.  Disable EAP for the
>     printer.

There isnt an option to disable eap on the printer.  The protocols I have
the option for on the printer are leap, peap and eap-tls.  peap and eap-tls
give me the above error.  leap just kinda stops (i should probably disable
leap anyways).  Is there any workaround/update/enhancement to get this
working (peap, that is...)?

> This is a wild guess, but maybe the printer doesn't have (or doesn't trust)
> your CA certificate, so it's terminating the PEAP (and presumably the TLS
> too) with a NAK. It *should* send an SSL alert over the PEAP link before
> doing that IMHO

I have my CA imported to the printer. I also made the printer a client cert
and imported that as well.  The only thing I can think of here is that the
printer asks for the "server id" which they define as *"The Server ID must
match the rightmost portion of the name provided by the authentication
server"*.  Ive tried multiple names here including the hostname from the
certs, radius hostname, NAS IP, just about everything that I can think of
and nothing seems to matter.  Something I could be missing maybe?

> have a user setup in the users file, but it still tries to search ldap
> So don't configure LDAP.

I *need* ldap for the rest of my setup.  The whole user base besides this
printer auth's against ldap.  Since this printer is an oddball situation, I
created a local user in the users file for it.  Regardless, even if I do
make an ldap account for it, it still fails with the NAK msg.

radtest does not do eap. Google for "eapol_test" for a CLI way to test the
> EAP setup.

Eh, I have tested with eapol_test as well using the peap-mschapv2 and
ttls-eap-mschapv2 and both work fine for that test user.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list