Wyse Technology 90955101L manual Using Peap Fast Reconnect

Page 51

Getting to Know the Extended WES Features

41

Using PEAP Fast Reconnect

When clients connect to an 802.11 wireless network, the authenticated session has an expiration interval configured by the network administrator to limit the duration of authenticated sessions. To avoid the requirement for authenticated clients to periodically re-authenticate and resume a session, you can enable the fast reconnect option.

PEAP supports fast reconnect, as long as each wireless access point is configured as a client of the same IAS (RADIUS) server. In addition, fast reconnect must be enabled on both the wireless client and the RADIUS server.

When PEAP fast reconnect is enabled, after the initial PEAP authentication succeeds, the client and the server cache TLS session keys. When users associate with a new wireless access point, the client and the server use the cached keys to re-authenticate each other until the cache has expired. Because the keys are cached, the RADIUS server can quickly determine that the client connection is a reconnect. This reduces the delay in time between an authentication request by a client and the response by the RADIUS server. It also reduces resource requirements for the client and the server.

If the RADIUS server that cached the session keys is not used, full authentication is required, and the user is again prompted for credentials or a PIN. This can occur in the following situations:

The user associates with a new wireless access point that is configured as a client of a different RADIUS server.

The user associates with the same wireless access point, but the wireless access point forwards the authentication request to a different RADIUS server.

In both situations, after the initial authentication with the new RADIUS server succeeds, the client caches the new TLS session keys. Clients can cache TLS session keys for multiple RADIUS servers.

Using the Regpersistence Tool to Configure PEAP Wireless Connections

Use the following guidelines:

1.Image the Windows Embedded Standard Client.

2.Add the following three user-specific folders to the File Based Write Filter Exclusion List:

\Documents and Settings\<username>\Application Data\Microsoft\Crypto

\Documents and Settings\<username>\Application Data\Microsoft\Protect

\Documents and Settings\<username>\Application Data\Microsoft\SystemCertificates

3.Add the username to the [Profile] section of the NetXClean.ini file.

4.Add the user to the Administrators group.

5.With the Write Filter enabled, configure a wireless connection.

When users log in, they are not prompted for wireless credentials.

Note

When you configure PEAP authentication with the Regpersistence tool, the thin client must have a corresponding or relative user certificate and server certificate for authentication. With the Regpersistence tool, the user name and domain name are saved across reboots; the PEAP authentication process prompts only for the password to prevent hackers from spoofing user credentials while users are connected across a WAN.

Page 50 Page 52
Image 51
Page 50 Page 52
Contents Wyse Enhanced Microsoft Windows Embedded Standard Administrators GuideRestricted Rights Legend Ordering Information FCC Statement Copyright NoticesEnd User License Agreement License Trademarks PatentsRegulatory Compliance for Wyse Products Wireless Usage and RequirementsDevice Power Supply IiiModel VX0 Thin Client, Products V90LW, V90LEW Battery InformationContents System Administration Administrative Utilities and SettingsFigures Tables ViiViiiContents This page intentionally blank Wyse Technology Inc -01 Rev. B Summary of RevisionsWyse Technology Inc -01 Rev. C Reference DescriptionNew PowerTerm Session Manager and PowerTerm Emulation Introduction About this GuideOrganization of this Guide Wyse Online Community Wyse Technical SupportFinding the Information You Need in this Guide Related Online Resources Available at WyseEstablishing a Server Environment Setting-Up Access to the Enterprise ServersUsing Dynamic Host Configuration Protocol Dhcp Understanding How to Configure Your Network ServicesDNS Dhcp Options DescriptionUsing FTP File Servers Using Domain Name System DNS Understanding Session ServicesConfiguring RDP Session Services Configuring ICA Session ServicesImplementing View Client Support on Wyse Thin Clients Using VMware View Manager ServicesThis page intentionally blank What Happens When You Turn on Your Thin Client Getting StartedLogging On Configuring the Thin Client Automatic LogonManual Log-on About the Automatically Launched Utilities User desktop example Understanding the User DesktopAdministrator desktop example Understanding the Administrator DesktopLogging Off, Shutting Down, and Restarting Getting to Know the Extended WES Features Configuring and Using PeripheralsAccessing the Extended Features of the All Programs Menu Viewing Client Information Managing Connections with Citrix Program NeighborhoodEstablishing Remote Desktop Connections Browsing the Internet with Internet ExplorerOdyssey Client Manager Using the Odyssey Client ManagerSynchronizing Thin Client Time with Neutron Ericom PowerTerm TEC and ConnectVMware View Client extended view Using VMware View Client to Connect to a Virtual DesktopAdministrator Control Panel example Accessing the Administrator Control Panel Extended OptionsAccessing and Using the Administrative Tools Configuring Component ServicesAdministrative Tools window Viewing Events Managing ServicesManaging Users Configuring WinVNC Current User PropertiesBluetooth Devices dialog box Configuring Bluetooth Wireless ConnectionsDevices tab Custom Fields Setting Configuration Strings with Custom FieldsConfiguring Dual Video VGA RAM Configuring Dual Monitor DisplaySelect Do not share this printer and click Next Configuring TouchscreensConfiguring Printers Adding PrintersRamdisk Configuration Setting Ramdisk SizeEnglish US default Selecting Regional and Language OptionsControlling Sounds and Audio Devices Enabling and Disabling Automatic Logon Using Winlog Configuring WDM PropertiesConfiguring the Internal Wireless Feature Configuring Wireless Local Area Network LAN SettingsUsing Wireless Zero Configuration WZC Wireless Network Properties EAP-TLS Smart Card or other Certificate Properties EAP-TLS Wireless Network Properties PEAP-MS-CHAP Configuring Wireless Thin Clients for PEAP-MS-CHAPEnter Credentials PEAP-MS-CHAP Preserving Wireless Connections Using Peap Fast Reconnect This page intentionally blank Using the File Based Write Filter Fbwf Administrative Utilities and SettingsChanging Passwords with the File Based Write Filter Administrative Utilities and Settings Running File Based Write Filter Command Line Options File Based Write Filter Control Setting the File Based Write Filter ControlsFbwf Cache Settings area includes Understanding the NetXClean Utility Drive C and Flash Saving Files and Using Local DrivesSaving Files Drive ZMapping Network Drives Participating in DomainsJoining a Domain Using the WinPing Diagnostic Utility Using the Net and Tracert UtilitiesUsing Roaming Profiles Creating New User Accounts Managing Users and Groups with User ManagerCreating New Groups Configuring User ProfilesDetermining Group Membership Changing the Computer Name of a Thin ClientThis page intentionally blank Accessing Thin Client Bios Settings System AdministrationManually Installing and Upgrading Addons Installing and Upgrading AddonsFTP Addon Installer dialog box automatic example Automatically Installing and Upgrading AddonsFTP Options complete one of the following Using Windows Server Update Services Wsus on a Thin Client Uninstalling Addons Using the FTP Addon InstallerConfiguring the Thin Client for Wsus Using Wsus on the Wyse Thin Client in Standalone Mode Automatic Software Updates on Wyse Thin Clients Using WsusWsus Components Description Troubleshooting Wsus in Standalone ModeWsus Log Format Date Time Component TextUser is offered one update and chooses to install it Windows Update Log File ExamplesService Startup Windows Update agent searches for available updatesConfiguring Wsus for Automatic Software Updates Using SMS Troubleshooting Wsus Used with SMSAbout VB Scripts Wsus 2.0 Reports Tab Using Wsus with WDMWindowsUpdate.log file-provides statistics Using WinVNC to Shadow a Thin ClientTroubleshooting Wsus with WDM Setting VNC Server PropertiesVNC Connection Details Setting VNC Viewer OptionsVNC Connection Options VNC Authentication Figures Page Tables
Top Page Image Contents