Manualshelf

Administrator Guide

ManualsBrandsDell ManualsConverged InfrastructureWyse 3040 Thin Client
41424344454647484950
be sure that the CA certificate name is correct in the 802.1x INI parameter. For more information, see Dell Wyse ThinLinux
INI Guide.
If you are using CA certificate for 802.1x authentication, then use the ImportCerts INI parameter to import CA certificates
into the device. Ignoring CA certificate is considered as the default option, if the CA certificate name is not included in the
8021x INI configuration.
Domain List INI parameter is required to display the available domains on the GDM login screen.
EAP-PEAP (MSCHAPv2) 802.1x authentication can be configured in two different modes:
User Authentication
Machine Authentication
EAP-PEAP MSCHAPv2 user authentication
To authenticate 802.1x by using an Active Directory username account:
1. Turn on your thin client device.
After the INI is downloaded to the thin client, you can access the domain that is configured in the INI from the domain drop-
down list on the GDM Login screen.
2. On the GDM login screen, select the domain, and then enter the user domain credentials.
3. Click Log in.
The 802-1 authentication automatically starts.
NOTE:
The GDM Authentication module performs the Network Manager configuration required for 802.1x PEAP
(MSCHAPv2) authentication by using the credentials entered and 802.1x configurations from INI. Then, it reinitializes
the network to do a direct 802.1x authentication with the switch.
If log in is successful, then the thin client gets IP address from the protected VLAN and you can start the local thin
client session (GNOME session). You can also start RDP, ICA, PCOIP sessions using the same domain credentials
provided in the GDM login. These credentials will be preexisting in the connection manager, and you need not renter the
same again.
NOTE:
If you set Is802DirectEnabled=yes, the direct authentication is enabled which will trigger the 802.1x
authentication from the GDM login screen. In this case the ActiveDirectoryServer parameter is not required.
If you set Is802DirectEnabled=no, the 802.1x authentication is triggered after the user logs in to the thin client. In
this case you need to include the ActiveDirectoryServer parameter in the INI.
If log in is unsuccessful, the 802.1x authentication fails and the thin client remains in the Guest VLAN.
4. When you log out or restart the device, thin client will again move to Guest VLAN by sending an EAPOL logoff to switch and
disabling the 802.1x configuration at Network Connections applet.
The following is an example of the INI configuration for EAP-PEAP (MSCHAPv2) 802.1x User authentication.
For AD and Domain settings
DomainList=npac.local DisableDomain=no
For Imports Certficates
ImportCerts=no
For 802.1x Configuration
Enable802=yes Authentication=PEAP InnerAuthentication=MSCHAPv2 PromptPassword=no
AuthMode=User Is802DirectEnabled=yes CACertificate=SCEP PeapVersion=Auto
EAP-PEAP MSCHAPv2 machine authentication
To enable EAP-PEAP (MSCHAPv2) machine authentication:
Your machine must have an account created in the Active Directory database with Hostname as the username field.
48
Configuring thin client settings locally