Administrator Guide
NOTE: The CA certicate must be installed on the thin client. Also note that the server certicate text
eld supports a maximum of approximately 255 characters, and supports multiple server names.
– If you select the Connect to these servers check box, the box is enabled where you can enter the IP address of
server.
– Click Browse to nd and select the Client Certicate le and Private Key le you want.
NOTE: Make sure you select PFX le only.
– From the Authenticate drop-down list, select either User Authentication or Machine Authentication based on your
choice.
The following kinds of server names are supported — all examples are based on Cert Common name
company.dell.com
◦ *.dell.com
◦ *dell.com
◦ *.com
NOTE: Using only the FQDN, that is, company.dell.com does not work. You must use one of the options (note
that *.dell.com is the most common option as multiple authentication servers may exist):
servername.dell.com.
• LEAP—If you select the LEAP option, click Properties to open and congure the Authentication Properties dialog
box. Be sure to use the correct username and password for authentication. The maximum length for the username or
the password is 31 characters.
• PEAP—If you select the PEAP option, click Properties to open and congure the Authentication Properties dialog
box. Be sure to select either EAP_GTC or EAP_MSCHAPv2, and then use the correct username, password and domain.
Validate Server Certicate is optional.
• FAST—If you select the FAST option, click Properties to open and congure the Authentication Properties dialog box.
Be sure to select either EAP_GTC or EAP_MSCHAPv2, and then use the correct username, password and domain.
Validate Server Certicate is optional.
From ThinOS 8.3, EAP-FAST authentication is supported. During the initial connection, when there is a request for a
Tunnel PAC from the authenticator, the PAC is used to complete the authentication. Therefore, the rst time connection
always fails and the following connections succeed. Only automatic PAC provisioning is supported. The user/machine
PAC provisioning generated with Cisco EAP-FAST utility is not supported.
Conguring EAP-GTC and EAP-MSCHAPV2
• To congure EAP-GTC, enter the username only. The password or PIN is required when authenticating.
• To congure EAP-MSCHAPv2, enter the username, password and domain.
NOTE: The domain\username in the username box is supported, but you must leave the domain box blank.
The CA certicate must be installed on the thin client and the server certicate is forced to be validated. When EAP-
MSCCHAPV2 is selected as EAP type in the Authentication Properties dialog box for PEAP or FAST authentication, an
option to hide the domain is available for selection. Username and Password boxes are available for use, but the Domain
text box is disabled.
When EAP-MSCHAPV2 is selected as EAP type in the Authentication Properties dialog box for PEAP or FAST
authentication, a check box to enable Single Sign-On feature is available for selection.
3. Click OK to save the settings.
Important: From ThinOS version 8.5, client reboot is not required to change the network settings. All the changes
take eect immediately. For example, ThinOS connects to the new wireless SSID immediately without reboot.
Conguring the WLAN settings
1. From the desktop menu, click System Setup, and then click Network Setup.
The Network Setup dialog box is displayed.
2. Click the WLAN tab, and do the following:
32