Folks,
While I realize there are only hours left, I have decided to forward these directions anyway.
PEAP is working now, with a username/password of ietf60/ietf60.
So, a configuration how-to :
>From the Start menu, select "Control Panel", followed by the "Network Connections" icon. In the "Network Connections" window, find the wireless interface that you intend to use. Right click on the wireless interface, and select properties. In the properties window, select the "Wireless Networks" tab.
Since the 802.1X wireless network is not broadcast, you may need to add it to your preferred networks. To do this, click on the "Add..." button in the "Preferred Networks" pane. In the "Network name (SSID):" field, enter "ietf60-1x". For "Network Authentication" be sure it is set to "Open", and for "Data encryption:" set it to WEP. Finally, make sure that the check box for "The key is provided for me automatically" is checked.
Next, select the "Authentication" tab at the top of the window. In the authentication tab, be sure that "Enable IEEE 802.1x authentication for this network" is checked. Then, for EAP type select "Protected EAP (PEAP)".
Then, click the Properties button below the "EAP Type" box. In the "Protected EAP Properties" uncheck the box for "Validate server certificate". Under "Select Authentication Method", select "Secured password (EAP-MSCHAP v2)" then click on configure. Uncheck the box for "Automatically use my Windows logon name and password (and domain if any)."
Select the "Ok" button for all windows that remain open. If you are within range of a wireless network that supports the iet60-1x network, Windows should now attempt to authenticate. During the authentication you should see a bubble in the bottom right corner of your screen that indicates that you need to select a certificate or other credentials to log in. Click on the bubble, and enter "ietf60" for both the username and password. (Leave the Domain field blank.) Finally, select Ok, and you should now be authenticated.
Karen O'Donoghue wrote:
Folks,
We are experimenting with dynamic keying via 802.1X on the IETF wireless network. You are invited to try this service if you wish. However, this isn't production so please do not ask for assistance from the terminal room help desk staff. Help is available from the following (depending on schedule):
Chris Hessing, Chris.Hessing@xxxxxxxx Chris Elliott, chelliot@xxxxxxxxx
Regards, Karen
Anonymous 802.1X at IETF 60 =========================== Chris Hessing, University of Utah/Open1x Project
On the IETF 60 wireless network we are providing a separate SSID and VLAN that
does anonymous 802.1X authentication with support for dynamic WEP. The advantage
of using this is your wireless connection will be encrypted using per-user,
per-session keys. In addition, if you choose to check the certificate provided
by the network infrastructure during the authentication phase, you will also
receive some assurance that you are connecting to the IETF 60 network and not
some other network.
If you would like to make use of the 802.1X wireless network, you will need to
use the non-broadcast ESSID of “ietf60-1x”.
You will also need an 802.1X supplicant that has support for TTLS-PAP. Windows
XP/2000 users can download a plug-in to the native 802.1X client at
http://www.secureW2.com. Mac OS X users that are running OS 10.3+ already have
support included in the OS. Directions are provided below. Linux users
can download Xsupplicant from http://www.open1x.org.
Your supplicant will receive a server certificate that is a test certificate.
You can choose to configure your supplicant to accept this certificate the first
time it is provided and check it thereafter, allowing your supplicant to verify
that you are connecting to the IETF network infrastructure, or you can choose to
not validate the server certificate.
The username and password that you use doesn't matter, as long as you fill
something in for both. If you have an option to fill in a domain please leave it
blank.
Note that the encryption type supported at this time is dynamic WEP. We are not currenly supporting WPA/TKIP.
We are currently working on supporting other EAP authentication types, including PEAP-GTC.
MAC Users ========= 1. Open Internet Connect 2. Under File "New 802.1X connect" a. edit config name - whatever you want username - whatever you want password - whatever you want wireless network - ietf60-1x authentication - only select TTLS configure TTLS TTLS Inner Authentication - PAP no outer id connect 3. Self signed cert - accept.
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf