
Change the default_eap_type from tls to peap:

eap {
    default_eap_type = peap
    ...
}

Move to the PEAP section below the TLS section and uncomment the following lines:

peap {
    default_eap_type = mschapv2
}

The server is now ready for PEAP authentication.
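One way to confirm both edits are in place before starting the server, as an added example (not part of the original guide or of FreeRADIUS). The sample excerpts and function names are constructed for illustration, and the parser assumes the one-item-per-line layout shown above.

```python
import re
# Constructed excerpts (not from a real server): eap.conf before the two edits.
BEFORE = """
eap {
    default_eap_type = tls
    tls {
    }
#   peap {
#       default_eap_type = mschapv2
#   }
}
"""
AFTER = BEFORE.replace("= tls", "= peap").replace("#   ", "    ")  # both edits applied

def parse_sections(text):
    """Parse 'name {' ... '}' blocks and 'key = value' lines into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out lines disappear here
        if not line:
            continue
        m = re.fullmatch(r"([\w.-]+)\s*\{", line)
        if m:
            child = stack[-1].setdefault(m.group(1), {})
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            stack[-1][key] = value
    if len(stack) != 1:
        raise ValueError("unclosed section (a '}' may still be commented out)")
    return root

def check_peap(text):
    """Return a list of problems; an empty list means both edits are present."""
    eap = parse_sections(text).get("eap", {})
    problems = []
    if eap.get("default_eap_type") != "peap":
        problems.append(f"eap default_eap_type is {eap.get('default_eap_type')}, expected peap")
    peap = eap.get("peap")
    if not isinstance(peap, dict):
        problems.append("peap section is missing or still commented out")
    elif peap.get("default_eap_type") != "mschapv2":
        problems.append("peap default_eap_type is not mschapv2")
    return problems
```

An empty list from `check_peap` on the file contents means the outer method is PEAP and the inner method is MSCHAPv2; a `ValueError` usually means only part of the peap block was uncommented.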

8. Change Windows XP for PEAP

On the Wireless Network tab, select the network and click Configure to open the network properties. Then:

Select the Authentication tab

Select Protected EAP on the drop-down list

Click Properties

Enable "Validate server certificate"

In Trusted Root Certification Authorities list, enable the root.der certificate.

In Select Authentication Method, select "Secured password (EAP-MSCHAPv2)"

Click Configure

If desired, enable "Automatically use my Windows logon name and password".

I did not enable "Automatically use my Windows ...". On our HP laptop, the software adds HP\ before the user name; e.g., HP\jbibe. If you don't enable this option, Windows will ask for your user name and password the first time the laptop tries to connect to the network. The computer will then use the user name and password exactly as entered.

On the original Authentication screen, we disabled the "Authenticate as computer when computer information is available" option.

Windows XP is now ready for testing.

9. Test PEAP

The final step is to test the server. With the Windows XP computer off, start the server in debug mode by entering:

/usr/local/radius/sbin/run-radius -X -A

The server should start, displaying various debug information. If it displays "Ready to process requests", the server is running. This message is identical to the TLS start message. If you review the debug information, you will see additional messages as peap and mschapv2 start.

If you see the Ready message, start the Windows XP computer. As the client and server communicate, you will see various messages exchanged. If all is well, you should see the client authenticated and the user logged on. Again, you will see the MS-MPPE-Recv-Key and the MS-MPPE-Send-Key.

If you review the debug messages, you will see the TLS tunnel being built. Once it is built, you will see verification that messages are passing through the tunnel. Finally, you will see the user authenticated.

airPoint™ Nexus User Configuration Guide
