Sony CH240 User Manual
Page 66
A
d
mini
s
tra
ting
t
he
Came
ra
Using the 802.1X Authentication Function — 802.1X Menu
66
3
Select New from the context menu, then select
Group and configure the group for 802.1X
connection.
For example, the group “Wired_802.1X_Group” is
assumed for explanation purposes.
Configuring the Internet Authentication
Service
1
Open Internet Authentication Service from
Administrative Tools of the Windows menu.
2
Click Register Server in Active Directory on the
operation menu.
3
Read the displayed precautions carefully and click
OK to accept them.
Then, continue to configure the EAP-TLS policy.
4
Select Remote Access Policy and right-click.
5
Select New from the context menu, and select
Remote Access Policy to open “New Remote
Access Policy Wizard”.
6
Select Set up a custom policy.
7
Set the following items:
Policy name: Type “Allow 802.1X Access” as an
example.
Policy conditions: Click Add and add the
following items:
– NAS Port-Type: Ethernet, Wireless-
IEEE802.11, Wireless-Other and Virtual
(VPN)
– Windows-Groups: Wired_802.1X_Group
Permissions: Select Grant remote access
permission.
Edit Profile:
– Dial-in Constraints tab: Specify the session
time out period during which the client is
allowed to be connected, as required.
– Authentication tab: Delete checks from all the
boxes. Click EAP Method and add Smart
Card or other certificates.
Then, continue to configure the RADIUS client.
8
Select RADIUS Clients and right-click.
9
Select New RADIUS Client from the context
menu.
10
Set the following items:
Friendly name: Type “authenticator” as an
example.
Client address (IP or DNS): IP address of the
authenticator
Client-Vender: RADIUS Standard
Shared secret: Specify the shared secret to be set
in the authenticator.
Adding a user
1
Open Active Directory Users and Computers
from Administrative Tools of Windows menu.
2
Select Users of the domain with which you want to
add a user and right-click.
3
Select New from the context menu, then select
User.
4
Set the following items to configure a new user:
For example, the log-on user name “1XClient” is
assumed for explanation purposes.
First name: 1XClient
User logon name: 1XClient@<domain name>
Password: Specify a password. Then select
Password never expires in account options.
5
Select the user to be added and right-click.
6
Select Properties from the context menu.
7
Set the following items:
Dial-in tab: Select Allow access in Remote
Access Permission (Dial-in or VPN)
Member Of tab: Add “Wired_802.1X_Group”.
The preparations for configuring a 802.1X network are
now completed.
Proceed to issue the certificate to be imported to the
camera.
Issuing the CA certificate
Prepare a Windows client PC (called “client PC”
hereafter) to temporarily store the certificate, and
configure so that the client PC and Windows Server
2003 computer can be connected through the network.
1
Start Internet Explorer on the client PC.
2
Type the CA’s URL in the address bar, and click Go
To.
The CA’s URL is normally as follows: