Administrator Guide
NOTE: EAP-TLS security requires client side and server side certificates for mutual authentication. Every user and client,
including the authentication server that participates in EAP-TLS, must have at least the following two certificates:
● Client certificate signed by the certificate authority (CA).
● Copy of the CA root certificate.
NOTE: Dell recommends you to set INI values for all the 802.1x parameters because these parameters are part of the
persistent registry which will remain across the reboot and if any parameter is not set, it will take the previously set value,
which may show inconsistent behaviors.
EAP-PEAP MSCHAPv2 authentication workflow
When a Linux thin client is initially connected to the network, the thin client obtains Guest VLAN resources by default, that is TC
should be able to reach INI server to fetch the INI configurations required for 802.1x configuration.
Pre-requisites for EAP-PEAP (MSCHAPv2) 802.1x authentication:
● Make sure that the INI file has the configurations for 802.1x, Active Directory server, and Domain and Import certs. If you are
pushing a CA certificate by using the Dell Wyse Device Manager (WDM), the Imports Certs INI is not required, but you must
Configuring thin client settings locally
47