Administrator Guide

EAP Type — If you have selected the Enable IEEE 802.1x authentication check box, select the EAP Type option you want (TLS, LEAP, PEAP or FAST).
TLS — If you select the TLS option, click Properties to open and configure the Authentication Properties dialog box.
Select the Validate Server Certificate check box because it is mandatory to validate your server certificate.
NOTE: The CA certificate must be installed on the thin client. Also note that the server certificate text field supports a maximum of approximately 255 characters, and supports multiple server names.
If you select the Connect to these servers check box, the box in which you can enter the IP address of the server is enabled.
Click Browse to find and select the Client Certificate file and Private Key file you want.
NOTE: Make sure you select a PFX file only.
From the Authenticate drop-down list, select either User Authentication or Machine Authentication based on your
choice.
The following kinds of server names are supported — all examples are based on Cert Common name company.wyse.com:
*.wyse.com
*wyse.com
*.com
NOTE: Using only the FQDN, that is, company.wyse.com, does not work. You must use one of the options (note that *.wyse.com is the most common option as multiple authentication servers may exist):
servername.wyse.com
LEAP — If you select the LEAP option, click Properties to open and configure the Authentication Properties dialog box. Be sure to use the correct username and password for authentication. The maximum length for the username or the password is 31 characters.
PEAP — If you select the PEAP option, click Properties to open and configure the Authentication Properties dialog box. Be sure to select either EAP_GTC or EAP_MSCHAPv2, and then use the correct username, password and domain. Validate Server Certificate is optional.
FAST — If you select the FAST option, click Properties to open and configure the Authentication Properties dialog box. Be sure to select either EAP_GTC or EAP_MSCHAPv2, and then use the correct username, password and domain. Validate Server Certificate is optional.
From ThinOS Lite 2.3, EAP-FAST authentication is supported. During the initial connection, when there is a request for a Tunnel PAC from the authenticator, the PAC is used to complete the authentication. Therefore, the first connection always fails and the following connections succeed. Only automatic PAC provisioning is supported. User/machine PAC provisioning generated with the Cisco EAP-FAST utility is not supported.
Configuring EAP-GTC and EAP-MSCHAPV2
To configure EAP-GTC, enter the username only. The password or PIN is required when authenticating.
To configure EAP-MSCHAPv2, enter the username, password and domain.
IMPORTANT: The domain\username in the username box is supported, but you must leave the domain box blank.
The CA certificate must be installed on the thin client and the server certificate is forced to be validated. When EAP-MSCHAPV2 is selected as EAP type in the Authentication Properties dialog box for PEAP or FAST authentication, an option to hide the domain is available for selection. Username and Password boxes are available for use, but the Domain text box is disabled.