Deployment Guide

ManualsBrandsDell ManualsConverged InfrastructureWyse 5060 Thin Client

Table Of Contents

Table 9. Connection Settings: wnos.ini files, {username} INI, and $MAC INI files (continued)

Parameter

* Global overrides identically-named user profile

** After sign off, user profile returns to global value

Description

property. The method of browsing selected must match the

method provided by the server(s) being accessed.

This setting in a wnos.ini file will be saved into NVRAM, if

EnableLocal=yes is set in the wnos.ini file.

IEEE8021X={yes, no}

network={wired, wireless}

[Profile=ssid]

[access={WPA-PSK, WPA2-PSK, WPA-ENT, WPA2-ENT}]

[eap={yes,

no}]

[servervalidate={yes, no}]

[servercheck={yes, no}]

[servername={"servername for EAP-TLS, EAP-PEAP, EAP-

FAST"}]

[eaptype={

None, EAP-LEAP, EAP-TLS, EAP-PEAP, EAP-

FAST}]

[leapun={username for EAP-LEAP}]

[leappwd={password for EAP-LEAP}]

[leappwdEnc={password encrypted for EAP-LEAP}]

[tlsauthtype={user, machine}]

[tlsclntcert={client certificate filename for EAP-TLS}]

[tlsclntprikey={filename of certificate with private key for

EAP-TLS}]

[tlsclntprikeypwd={password for private key}]

[tlsclntprikeypwdEnc={password encrypted for private key}]

[peapeap={EAP-MSCHAPV2, EAP-GTC}]

[peapidentity={identity/username for PEAP}]

[peapmschapun={username for EAP-PEAP/ EAP-

MSCHAPV2}]

[peapmschappwd={password for EAP-PEAP/EAP-

MSCHAPV2}]

[peapmschappwdEnc={password encrypted for EAP-PEAP/

EAP-MSCHAPV2}]

[peapmschapdm={domain for EAP-PEAP/ EAP-MSCHAPV2}]

[peapmschaphidedm={yes,no}]

[peapsinglesignon={yes, no}]

[peapgtcun={username for EAP-PEAP/ EAP-GTC}]

[peapgtcpwd={password for EAP-PEAP/ EAP-GTC}]

[peapgtcpwdEnc={password for encrypted for EAP-PEAP/

EAP-GTC}]

[wpapskpwd={passphrase for WPA-PSK}]

[wpapskpwdEnc={passphrase encrypted for WPA-PSK}]

1. If IEEE8021X is set to no, then all parameters following it is

ignored.

2. If network is not configured, the configuration is ignored.

3. The key left of equal is case sensitive, and the value right

of equal case is not case sensitive except for credential

information; for example username, password or certificate

filename.

4. If two entries exist in an INI file, one each

for wired and wireless, both will take effect; for

example IEEE8021X=yes network=wired EAP=yes

… IEEE8021X=yes network=wireless access=WPA-ENT …

5. All EAP credential information is stored whatever the

eaptype setting.

6. The default values are underlined.

7. All passwords here should be encrypted.

8. The wildcard server include three entries in INI file. If both

the servervalidate entry and servercheck entry are set to

yes, the servername entry is valid.

9. Server certificate validation is mandatory in EAP-TLS

authentication. If the eaptype entry is set to EAP-TLS, the

servercheck entry must be set to yes.

10. Server list must be included in double quotation

marks. For example IEEE8021X=yes Network=wireless

access=WPA2-ENT eap=yes servervalidate=yes

servercheck=yes servername=";test.com;wireless98;

test.com" eaptype=eap-peap peapeap=eap-mschapv2

peapmschapun=administrator peapmschappwd=password

11. Additional option timeoutretry specifies the retry times

when 8021x authentication times out, which means that

it is only validated when the optional network type is

wired. For example, timeoutretry=3 allows you to retry

thrice after 8021x authentication times out.

12. Additional option Profile specifies the type of ssid

authentication to be configured. When we support multiple

ssid wireless settings, the statement ieee8021x must be

after the statement device=wireless, and one additional

profile parameter is needed to identify the type of ssid

authentication which is configured. For example,

#ThinIsIn

Device=Wireless Mode=Infrastructure

SSID=ThinIsInIEEE8021X=yes network=wireless

profile=ThinIsIn access=WPA2-ENT eap=yes

Parameters for wnos INI, {username} INI, and $MAC INI files