Fiddling with EAP types...
Alan DeKok
aland at deployingradius.com
Wed Apr 10 13:22:47 UTC 2024
On Apr 10, 2024, at 6:05 AM, Marco Gaiarin <gaio at lilliput.linux.it> wrote:
> But this client (an HP Color LaserJet M452nw) claim to have support for
> PEAP, LEAP and EAP-TLS, not explicitly citing MSCHAPv2.
If the client doesn't do PEAP/MSCHAPv2, then no amount of poking FreeRADIUS will make the client do PEAP/MSCHAPv2.
> If i try to use PEAP i lead to:
>
> Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) eap: WARNING: !!! We requested to use an EAP type as normal.
> Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) eap: WARNING: !!! The supplicant rejected that, and requested to use the same EAP type.
> Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) eap: WARNING: !!! i.e. the supplicant said 'I don't like X, please use X instead.
> Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) eap: WARNING: !!! The supplicant software is broken and does not work properly.
> Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) eap: WARNING: !!! Please upgrade it to software that works.
> Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) Login incorrect (eap: No mutually acceptable types found): [lp_hpcljm452-1] (from client unifi-sv port 0 cli 60-6D-C7-27-C1-C9)
>
>
> There's some way i can force a 'compatible' EAP type for that user and only
> that?
Find out what the printer supports, and configure FreeRADIUS to do that,
In this case, likely EAP-TLS.
Alan DeKok.
More information about the Freeradius-Users
mailing list