User Manual
6. CSE-200 Configurator
The Network Device Enrollment Service (NDES) is Microsoft’s server implementation of the SCEP protocol. If you want to enable EAP-TLS using SCEP, make sure NDES is enabled, configured and running on your Windows Server. For more details about setting up NDES, please visit the Microsoft website (see footnote 3). SCEP uses a so-called “challenge password” to authenticate the enrollment request. For NDES, this challenge can be retrieved from your server at: http(s)://[your-server-hostname]/CertSrv/mscep_admin.
When you enter the necessary credentials into the setup wizard, the Base Unit will automatically retrieve this challenge from the web page and use it in the enrollment request, thereby fully automating the process.
Necessary Data to continue:
Domain: The company domain for which you are enrolling; it should match the one defined in your Active Directory.
SCEP Server IP/hostname: This is the IP or hostname of the Windows Server in your network running the NDES service. Since Internet Information Services (IIS) supports both HTTP and HTTPS, also include which of the two you want to use. If not provided, it defaults to HTTP.
E.g.: http://myserver or https://10.192.5.1 or server.mycompany.com (will use http)
SCEP User name: This is a user in your Active Directory which has the required permission to access the NDES service and request the challenge password. To be sure of this, the user should be part of the CA Administrators group (in case of a stand-alone CA) or have enroll permissions on the configured certificate templates.
SCEP Password: The corresponding password for the identity that you are using to authenticate on the corporate network. Per Base Unit, every Button uses the same identity and password to connect to the corporate network.
Domain: The company domain for which you are enrolling; it should match the one defined in your Active Directory.
Identity: Identity of the user account in the Active Directory which will be used by the ClickShare Buttons to connect to the corporate network. When using EAP-TLS, make sure that the necessary mapping exists between the Client Certificate issued by your CA and this user account.
Corporate SSID: The SSID of your corporate wireless infrastructure to which the ClickShare Buttons will connect.
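A pre-flight check for the SCEP Server IP/hostname value, as an added example that is not part of the manual or of the Base Unit's own code: it applies the HTTP default described above, builds the mscep_admin URL, and flags entries that would retrieve the challenge password over plaintext HTTP. The function name and warning texts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ADMIN_PATH = "/CertSrv/mscep_admin"  # challenge page path given in the manual


def resolve_ndes_admin_url(entry):
    """Return (url, warnings) for a value typed into the SCEP server field.

    Assumption: a value without a scheme is treated as HTTP, as the manual states.
    """
    value = entry.strip()
    if not value:
        raise ValueError("SCEP server field is empty")
    warnings = []
    if "://" not in value:
        warnings.append("no scheme given: defaults to HTTP")
        value = "http://" + value
    parts = urlsplit(value)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        raise ValueError("unsupported scheme: " + parts.scheme)
    if not parts.hostname:
        raise ValueError("no host in: " + entry)
    if parts.username or parts.password:
        # Credentials go in the SCEP User name / SCEP Password fields.
        raise ValueError("do not embed credentials in the server value")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        warnings.append("path/query ignored: only scheme and host are expected")
    if scheme == "http":
        # Over HTTP the page that carries the challenge password is unencrypted.
        warnings.append("plaintext HTTP: challenge password readable in transit")
    # netloc keeps an explicit port (e.g. myserver:8443) if one was entered.
    return f"{scheme}://{parts.netloc}{ADMIN_PATH}", warnings


if __name__ == "__main__":
    # The three sample values from the manual's own "E.g." line.
    for sample in ("http://myserver", "https://10.192.5.1", "server.mycompany.com"):
        url, notes = resolve_ndes_admin_url(sample)
        print(f"{sample!r} -> {url}")
        for note in notes:
            print("   warning:", note)
```

Only the https:// entry passes without warnings, which makes the effect of omitting the scheme visible before the wizard is run.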
Using manual upload of certificates
Select the radio button next to Provide certificates manually and click Next.
If your current setup does not support SCEP, or you prefer not to use it but still want to benefit from the mutual authentication EAP-TLS offers, it is also possible to manually upload the necessary certificates.
Image 6-25
Necessary Data to continue:
Domain: The company domain for which you are enrolling; it should match the one defined in your Active Directory.
Identity: Identity of the user account in the Active Directory which will be used by the ClickShare Buttons to connect to the corporate network. When using EAP-TLS, make sure that the necessary mapping exists between the Client Certificate issued by your CA and this user account.
Corporate SSID: The SSID of your corporate wireless infrastructure to which the ClickShare Buttons will connect.
Click Next to continue with the upload of the client certificate.
Click Upload Client Certificate.
The client certificate you provide should be signed by the authoritative root CA in your domain and should be linked to the user you specify in the Identity field. Also, make sure that the client certificate you provide contains the private key – this is necessary to set up the TLS connection successfully.
3. NDES White Paper: http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs-en-us.aspx
46 R5900023 CLICKSHARE CSE-200 24/05/2017