Windows 7 answers LAN based EAP-TLS with EAP-NAK and PEAP
Alan DeKok
aland at deployingradius.com
Tue Aug 7 06:48:54 CEST 2012
PENZ Robert wrote:
> The problem now is that in 1/3 of the clients boots (done over 40 times
> with a tap devices running as sniffer) the Windows Client sends an
>
> response: Legacy Nak (Response only) [RFC3748] with the wish for PEAP.
> After this the freeradius Server sends a reject ([eap] NAK asked for
> unsupported type PEAP).
Either configure PEAP, or fix the client to stop asking for PEAP.
> In the 2/3 of the cases it works the Client does not send a NAK, so I
> believe it is a client problem but it’s Windows 7 … there must be
> thousands of installs with Windows 7 and 802.1x EAP/TLS.
It's definitely a client problem.
> Would it help
> if freeradius ignores the EAP-NAK packets? Any help appreciated!
That wouldn't help.
My suggestion is to do a re-install on the client. Other Windows 7
machines don't behave this way.
Alan DeKok.
More information about the Freeradius-Users
mailing list