AW: Windows 7 answers LAN based EAP-TLS with EAP-NAK and PEAP

Thu Aug 30 16:56:56 CEST 2012


We've found the problem and fixed it together with the Microsoft support and here is the link to the Hotfix, if other FreeRadius users have the same problem:


-----Original Message-----
From: at [ at] On Behalf Of PENZ Robert
Sent: Tuesday, 7 August 2012 13:22
To: FreeRadius users mailing list
Subject: AW: Windows 7 answers LAN based EAP-TLS with EAP-NAK and PEAP

> > The problem now is that in 1/3 of the client boots (done over 40 times
> > with a tap device running as sniffer) the Windows Client sends an
> > 
> > response: Legacy Nak (Response only) [RFC3748] with the wish for PEAP.
> > After this the freeradius Server sends a reject ([eap] NAK asked for
> > unsupported type PEAP).

>   Either configure PEAP, or fix the client to stop asking for PEAP.

trying ... ;-)

> > In the 2/3 of the cases it works the Client does not send a NAK, so I
> > believe it is a client problem but it’s Windows 7 … there must be
> > thousands of installs with Windows 7 and 802.1x EAP/TLS.

>   It's definitely a client problem.

Yeah, we'll open a case. It seems to be a problem if the configuration is done via GPOs, but not sure.

>   My suggestion is to do a re-install on the client.  Other Windows 7
> machines don't behave this way.

does not help. We can reproduce the problem on multiple machines.
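
Added example, not part of the original thread or of FreeRADIUS: a small decoder for the RFC 3748 Legacy Nak discussed above, useful for checking a capture for clients that ask for PEAP when only EAP-TLS is enabled. The function names and the sample packet are constructed for illustration.

```python
import struct

EAP_RESPONSE = 2          # EAP Code field value for a Response (RFC 3748)
EAP_TYPE_LEGACY_NAK = 3   # Type 3: Legacy Nak, valid in Responses only
# Method type numbers from the IANA EAP registry (subset).
EAP_METHODS = {4: "MD5-Challenge", 13: "EAP-TLS", 21: "EAP-TTLS",
               25: "PEAP", 26: "EAP-MSCHAPv2"}


def parse_legacy_nak(packet: bytes):
    """Return the method names a Legacy Nak proposes, or None for other EAP packets."""
    if len(packet) < 4:
        raise ValueError("truncated EAP header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field does not match the data")
    if code != EAP_RESPONSE or length < 5 or packet[4] != EAP_TYPE_LEGACY_NAK:
        return None
    # Type-Data is one octet per desired method; 0 means "no alternative".
    return [EAP_METHODS.get(t, f"type-{t}") for t in packet[5:length] if t != 0]


def usable_alternatives(packet: bytes, server_methods):
    """Methods from the Nak that the server also has enabled; empty means reject."""
    proposed = parse_legacy_nak(packet)
    if proposed is None:
        return None
    return [m for m in proposed if m in server_methods]


# Constructed sample: Response, id 7, length 6, Legacy Nak, desired type 25.
SAMPLE_NAK = bytes([0x02, 0x07, 0x00, 0x06, 0x03, 0x19])

if __name__ == "__main__":
    print(parse_legacy_nak(SAMPLE_NAK))
    print(usable_alternatives(SAMPLE_NAK, {"EAP-TLS"}))
```

An empty list from usable_alternatives corresponds to the reject seen in the server log when the client asks for a method that is not configured.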
