Intel 3945ABG User Manual

NOTE: If the provisioned Protected Access Credential (PAC) is valid, Intel(R) PROSet/Wireless does

not prompt the user for acceptance of the PAC. If the PAC is invalid, Intel PROSet/Wireless fails the

provisioning automatically. A status message is displayed in the

Wireless Event Viewer

that an

administrator can review on the user's computer.

1. Verify that Disable EAP-FAST Enhancements (CCXv4) is not selected. Allow unauthenticated

provisioning and Allow authenticated provisioning are selected by default. Once a PAC is selected

from the Default Server, you can deselect any of these provisioning methods.

2. Default Server: None is selected as the default. Click Select Server to select a PAC from the default PAC

authority server or select a server from the Server group list. The EAP-FAST Default Server (PAC

Authority) selection page opens.

NOTE: Server groups are only listed if you have installed an

Administrator Package

that contains

EAP-FAST Authority ID (A-ID) Group settings.

PAC distribution can also be completed manually (out-of-band). Manual provisioning enables you to create a PAC

for a user on an ACS server and then import it into a user's computer. A PAC file can be protected with a

password, which the user needs to enter during a PAC import.

To import a PAC:

1. Click Import to import a PAC from the PAC server.

2. Click Open.

3. Enter the PAC password. (Optional)

4. Click OK closes this page. The selected PAC is used for this wireless profile.

EAP-FAST CCXv4 enables support for the provisioning of other credentials beyond the PAC currently provisioned

for tunnel establishment. The credential types supported include trusted CA certificate, machine credentials for

machine authentication, and temporary user credentials used to bypass user authentication.

Use a certificate (TLS Authentication)

1. Click Use a certificate (TLS Authentication)

2. Click Identity Protection when the tunnel is protected.

3. Select one of the following:

❍

Use a user certificate on this computer. Click Select to choose the user certificate. Click OK.

Proceed to Step 4.

❍

Use the certificate issued to this computer. Proceed to Step 5.

❍

Use my smart card. Select if the certificate resides on a smart card. Proceed to Step 5.

4. User Name: Enter the user name assigned to the user certificate.

5. Click Next.

Step 2 of 3: EAP-FAST Additional Information

If you selected Use a certificate (TLS Authentication) and Use a user certificate on this computer, click

Next (no roaming identity is required) and proceed to

Step 3

to configure EAP-FAST Server certificate settings. If

you do not need to configure EAP-FAST server settings, click OK to save your settings and return to the Profiles

page.

If you selected to use a smart card, add the roaming identity, if required. Click OK to save your settings and

return to the Profiles page.

If you did not select Use a certificate (TLS Authentication), click Next to select an Authentication Protocol.

CCXv4 permits additional credentials or TLS cipher suites to establish the tunnel.

Authentication Protocol: Select either

GTC

, or

MS-CHAP-V2

(Default)