Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10278
Views
10
Helpful
4
Replies

12851 Received unexptected EAP NAK, HP Laserjet

Go to solution
bvj197222
Level 1
Level 1

‎02-20-2018 03:30 AM - edited ‎02-21-2020 10:46 AM

We have a corporate Wireless network With 802.1x authentication. The AAA-server is an ACS1121 running 5-6-0-22-7 (latest patch for ver 5.6). I am trying to configure a HP Laserjet MFP M477 to get authenticated using AD username and password. I have done this before and it did work. However, I'm unable to get this printer authenticated. The error Message from the ACS is "12851 Received unexpected EAP NAK message. Client rejected the conversation". There's not many options to configure on the printer, I am enclosing the config-screen.

More info about the error Message; "ACS expects for regular conversation continuation but client sent outer EAP method NAK message. It means that client rejected conversation for some reason that is unknown to ACS. Known issue: CSSC 5.1.1.10 sends outer EAP method NAK during EAP-FAST/EAP-GTC conversation to reject the conversation according to input of the user".

 

If I enable only EAP-TLS instead of PEAP the ACS reports The supplicant of the client sent an EAP-Response/NAK packet rejecting the previously-proposed EAP-based protocol, and requesting to use EAP-TLS instead.  However, EAP-TLS is not allowed in the Allowed Protocols section of the relevant Access Service.". However, I checked the access service, and TLS is enabled (see ACS.png).

20 people had this problem
Labels:
Preview file
34 KB
Preview file
40 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dal
Level 3
Level 3

‎12-03-2019 06:46 AM

Hi.

I don't know if you found a solution for this, but I think you need to install a root ca when using PEAP. Same as with EAP-TLS

Username and password only is not enough.

If you want to use username / password only, you need to choose MD5 as authentication protocol.

View solution in original post

4 Replies 4

Go to solution
konrydz
Level 1
Level 1

‎03-20-2019 07:46 AM

Does anyone have a solution?

0 Helpful

Go to solution
dal
Level 3
Level 3

‎12-03-2019 06:46 AM

Hi.

I don't know if you found a solution for this, but I think you need to install a root ca when using PEAP. Same as with EAP-TLS

Username and password only is not enough.

If you want to use username / password only, you need to choose MD5 as authentication protocol.

Go to solution
TM29
Level 1
Level 1

‎04-02-2021 01:03 PM - edited ‎03-17-2022 05:40 PM

Has anyone actually resolve this problem? I've tried a few different settings now and installed the root ca but still no luck.

**Update** 

we finally got ours to work after upgrading our cisco ise servers. 

Go to solution
konrydz
Level 1
Level 1

‎04-07-2021 01:51 AM

As Dal said you have to install root ca. It was solution for me

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents