SmartBridges sB3210 Network Router User Manual


 
airPoint™ Nexus User Configuration Guide
intelligent wireless platform
Change the default_eap_type from tls to peap:
eap {
    default_eap_type = peap
Move to the PEAP section below the TLS section and uncomment the following lines:
peap {
    default_eap_type = mschapv2
}
The server is now ready for PEAP authentication.
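To confirm that both edits took effect before starting the server, the following added example (not part of the original manual) parses the EAP configuration text and reports what still blocks PEAP, including a section that was only half uncommented. The configuration text is a constructed excerpt, and the names `parse` and `check_peap` are assumptions of this example.

```python
import re

# Constructed EAP configuration excerpts (not the real file): BEFORE the edits, AFTER both.
BEFORE = """
eap {
    default_eap_type = tls
    tls {
    }
    # peap {
    #     default_eap_type = mschapv2
    # }
}
"""
AFTER = (BEFORE.replace("= tls", "= peap").replace("# peap {", "peap {")
         .replace("#     default", "    default").replace("# }", "}"))

def parse(text):
    """Return (sections, settings, balanced) for the uncommented lines only."""
    stack, sections, settings, balanced = [], set(), {}, True
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out lines drop out here
        opener = re.fullmatch(r"([\w-]+)\s*\{", line)
        if opener:
            stack.append(opener.group(1))
            sections.add("/".join(stack))
        elif line == "}":
            balanced = balanced and bool(stack)  # a "}" with nothing open
            stack = stack[:-1]
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return sections, settings, balanced and not stack

def check_peap(text):
    """List what still blocks PEAP/MSCHAPv2; an empty list means both edits are in."""
    sections, settings, balanced = parse(text)
    problems = []
    if not balanced:
        problems.append("unbalanced braces (half-uncommented section?)")
    if settings.get("eap/default_eap_type") != "peap":
        problems.append("eap default_eap_type is not peap")
    if "eap/peap" not in sections:
        problems.append("peap section is missing or still commented out")
    elif settings.get("eap/peap/default_eap_type") != "mschapv2":
        problems.append("peap default_eap_type is not mschapv2")
    return problems

if __name__ == "__main__":
    print(check_peap(BEFORE), check_peap(AFTER))
```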
8. Change Windows XP for PEAP
On the Wireless Network tab, select the network and click Configure to open the network properties. Then:
Select the Authentication tab.
Select Protected EAP in the drop-down list.
Click Properties.
Enable "Validate server certificate".
In the Trusted Root Certification Authorities list, enable the root.der certificate.
In Select Authentication Method, select "Secured password (EAP-MSCHAPv2)".
Click Configure.
If desired, enable "Automatically use my Windows logon name and password".
I did not enable "Automatically use my Windows ...". On our HP laptop, the software adds HP\\ before
the user name; e.g., HP\\jbibe. If you don't enable this option, Windows will ask for your user name
and password the first time the laptop tries to connect to the network. The computer will then use the
user name and password exactly as entered.
On the original Authentication screen, we disabled the "Authenticate as computer when computer
information is available" option.
Windows XP is now ready for testing.
9. Test PEAP
The final step is to test the server. With the Windows XP computer off, start the server in debug mode
by entering:
    /usr/local/radius/sbin/run-radius -X -A
The server should start, displaying various debug information. If it displays "Ready to process
requests", the server is running. This message is identical to the TLS start message. If you review the
debug information, you will see additional messages as peap and mschapv2 start.
If you see the Ready message, start the Windows XP computer. As the client and server
communicate, you will see various messages exchanged. If all is well, you should see the client
authenticated and the user logged on. Again, you will see the MS-MPPE-Recv-Key and the
MS-MPPE-Send-Key.
If you review the debug messages, you will see the TLS tunnel being built. Once it is built, you will see
verification that messages are passing through the tunnel. Finally, you will see the user authenticated.