Generic Token Card (GTC)
GTC may be used with Server-Authenticated Mode . This enable peers using other user databases as Lightweight
Directory Access Protocol (LDAP) and one-time password (OTP) technology to be provisioned in-band. However,
the replacement may only be achieved when used with the TLS cipher suites that ensure server authentication.
To configure a one-time password:
1. Authentication Protocol: Select GTC (Generic Token Card).
2. User Credentials: Select Prompt each time I connect
3. On connection prompt for: Select one of the following:
❍ Static Password: On connection, enter the user credentials.
❍ One-time password (OTP): Obtain the password from a hardware token device.
❍ PIN (Soft Token): Obtain the password from a soft token program.
4. Click OK.
5. Select the profile on the Wireless Networks list.
6. Click Connect. When prompted, enter the user name, domain and one-time password (OTP).
7. Click OK.
MS-CHAP-V2. This parameter specifies the authentication protocol operating over the PEAP tunnel.
1. User Credentials: Select one of the following options:
❍ Use Windows Logon: Allows the 802.1x credentials to match your Windows user name and
password. Before connection, you are prompted for your Windows logon credentials.
NOTE: This option is unavailable if Pre-Logon Connect is not selected during installation of the
Intel PROSet/Wireless software. Refer to
Install or Uninstall the Single Sign On Feature.
❍ Prompt each time I connect: Prompts for user name and password every time you log onto the
network.
❍ Use the following user name and password: The user name and password are securely
(encrypted) saved in the profile.
■ User Name: This user name must match the user name that is set in the authentication
server.
■ Domain: Name of the domain on the authentication server. The server name identifies a
domain or one of its subdomains (for example, zeelans.com, where the server is blueberry.
zeelans.com).
NOTE: Contact your administrator to obtain the domain name.
■ Password: This password must match the password that is set in the authentication server.
The entered password characters display as asterisks.
■ Confirm Password: Reenter the user password.
2. Roaming Identity: If the Roaming Identity is cleared, %domain%\%username% is the default.
When 802.1x MS RADIUS is used as an authentication server, the server authenticates the device
that uses the Roaming Identity user name from Intel PROSet/Wireless software, and ignores the
Authentication Protocol MS-CHAP-V2 user name. This feature is the 802.1x identity supplied to
the authenticator. Microsoft IAS RADIUS accepts only a valid user name (dotNet user) for EAP
clients. When 802.1x MS RADIUS is used, enter a valid user name. For all other servers, this is
optional. Therefore, it is recommended to use the desired realm (for example,
anonymous@myrealm) instead of a true identity.
Step 3 of 3: EAP-FAST Server