No roaming identity is required) and proceed to, Step 3, Ms-chap-v2 – Intel 3945ABG User Manual

Generic Token Card (GTC)

GTC may be used with Server-Authenticated Mode . This enable peers using other user databases as Lightweight

Directory Access Protocol (LDAP) and one-time password (OTP) technology to be provisioned in-band. However,

the replacement may only be achieved when used with the TLS cipher suites that ensure server authentication.

To configure a one-time password:

1. Authentication Protocol: Select GTC (Generic Token Card).

2. User Credentials: Select Prompt each time I connect

3. On connection prompt for: Select one of the following:

❍

Static Password: On connection, enter the user credentials.

❍

One-time password (OTP): Obtain the password from a hardware token device.

❍

PIN (Soft Token): Obtain the password from a soft token program.

4. Click OK.

5. Select the profile on the Wireless Networks list.

6. Click Connect. When prompted, enter the user name, domain and one-time password (OTP).

7. Click OK.

MS-CHAP-V2. This parameter specifies the authentication protocol operating over the PEAP tunnel.

1. User Credentials: Select one of the following options:

❍

Use Windows Logon: Allows the 802.1x credentials to match your Windows user name and

password. Before connection, you are prompted for your Windows logon credentials.

NOTE: This option is unavailable if Pre-Logon Connect is not selected during installation of the

Intel PROSet/Wireless software. Refer to

Install or Uninstall the Single Sign On Feature

.

❍

Prompt each time I connect: Prompts for user name and password every time you log onto the

network.

❍

Use the following user name and password: The user name and password are securely

(encrypted) saved in the profile.

■

User Name: This user name must match the user name that is set in the authentication

server.

■

Domain: Name of the domain on the authentication server. The server name identifies a

domain or one of its subdomains (for example, zeelans.com, where the server is blueberry.

zeelans.com).

NOTE: Contact your administrator to obtain the domain name.

■

Password: This password must match the password that is set in the authentication server.

The entered password characters display as asterisks.

■

Confirm Password: Reenter the user password.

2. Roaming Identity: If the Roaming Identity is cleared, %domain%\%username% is the default.

When 802.1x MS RADIUS is used as an authentication server, the server authenticates the device

that uses the Roaming Identity user name from Intel PROSet/Wireless software, and ignores the

Authentication Protocol MS-CHAP-V2 user name. This feature is the 802.1x identity supplied to

the authenticator. Microsoft IAS RADIUS accepts only a valid user name (dotNet user) for EAP

clients. When 802.1x MS RADIUS is used, enter a valid user name. For all other servers, this is

optional. Therefore, it is recommended to use the desired realm (for example,

anonymous@myrealm) instead of a true identity.

Step 3 of 3: EAP-FAST Server