Specifications

When Advanced →
EAP Anonymous Identity
Anonymous identity string for EAP (to be used as the unencrypted identity with EAP types that
support a different tunnelled identity, e.g., EAP-TTLS).
EAP Phase 1 String
Phase1 (outer authentication, i.e., TLS tunnel) parameters (string with field-value pairs, e.g.,
“peapver=0”). ‘peap_outer_success=0’ can be used to terminate PEAP authentication on tunneled
EAP-Success. This is required with some RADIUS servers that implement
draft-josefsson-pppext-eap-tls-eap-05.txt (e.g., Lucent NavisRadius v4.4.0 with PEAP in “IETF Draft 5” mode;
URL: http://www.watersprings.org/pub/id/draft-josefsson-pppext-eap-tls-eap-05.txt).
‘include_tls_length=1’ can be used to force wpa_supplicant to include the TLS Message Length field in all
TLS messages even if they are not fragmented.
‘sim_min_num_chal=3’ can be used to configure EAP-SIM to require three challenges (by default,
it accepts 2 or 3). ‘result_ind=1’ can be used to enable EAP-SIM and EAP-AKA to use protected
result indication.
The ‘crypto_binding’ option can be used to control PEAPv0 cryptobinding behavior:
0 = Do not use cryptobinding.
1 = Use cryptobinding if server supports it (default).
2 = Require cryptobinding.
EAP Phase 2 String
Phase2 (inner authentication with TLS tunnel) parameters (string with field-value pairs, e.g.,
“auth=MSCHAPV2” for EAP-PEAP or “autheap=MSCHAPV2 autheap=MD5” for EAP-TTLS).
The following certificate/private key fields are used in inner Phase2 authentication when using
EAP-TTLS or EAP-PEAP.
ca-cert2-filename: File path to CA certificate file. This file can have one or more trusted CA certificates.
If ca-cert2-filename is not included the server certificate will not be verified.
This is insecure and a trusted CA certificate should always be configured.
client-cert2-filename: Client certificate file name.
priv-key2-filename: Path to client private key file.
priv-key2-password: Password for the private key file.
dh-parm2-filename: DH/DSA parameters file name (in PEM format).
subject_match2: Substring to be matched against the subject of the authentication server certificate.
altsubject_match2: Substring to be matched against the alternative subject name of the authentication
server certificate.
EAP Subject Match String
Substring to be matched against the subject of the authentication server certificate. If this string
is set, the server certificate is only accepted if it contains this string in the subject.
The subject string is in the following format:
/C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com
EAP Alternate Subject Match/Match2 String
Semicolon separated string of entries to be matched against the alternative subject name
of the authentication server certificate. If this string is set, the server certificate is only
accepted if it contains one of the entries in an alternative subject name extension.
The altSubjectName string is in TYPE:VALUE format.
Example:
EMAIL:server@example.com
Example:
DNS:server.example.com;DNS:server2.example.com
The following types are supported: EMAIL, DNS, URI
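As an added illustration (not code from this product or from wpa_supplicant), the following Python applies the subject-match and alternate-subject-match rules from this section, plus the Phase 2 caveat that a missing CA certificate leaves the server certificate unverified, to a constructed server certificate; the dict layout, function names and sample values are assumptions.

```python
SUPPORTED_ALT_TYPES = {"EMAIL", "DNS", "URI"}


def parse_altsubject_match(value):
    """Split a semicolon-separated altsubject_match string such as
    'DNS:server.example.com;DNS:server2.example.com' into (TYPE, value)
    pairs; reject entries without a TYPE: prefix or with an unsupported type."""
    entries = []
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue  # tolerate a trailing ';'
        if ":" not in raw:
            raise ValueError(f"entry without TYPE: prefix: {raw!r}")
        typ, val = raw.split(":", 1)
        if typ.upper() not in SUPPORTED_ALT_TYPES:
            raise ValueError(f"unsupported altSubjectName type: {typ!r}")
        entries.append((typ.upper(), val))
    return entries


def evaluate_server_cert(cert, ca_cert_configured, subject_match="", altsubject_match=""):
    """Apply the matching rules to a server certificate (constructed dict:
    'subject' is the /C=.../CN=... string, 'san' a list of (TYPE, value) pairs
    from subjectAltName). Returns (accepted, notes). A missing CA certificate
    does not reject the certificate; it leaves the chain unverified, which is
    reported as an insecure configuration."""
    notes = []
    if not ca_cert_configured:
        notes.append("INSECURE: no CA certificate, server certificate is not verified")
    if subject_match and subject_match not in cert["subject"]:
        return False, notes + [f"subject does not contain {subject_match!r}"]
    if altsubject_match:
        wanted = parse_altsubject_match(altsubject_match)
        present = {(t.upper(), v) for t, v in cert.get("san", [])}
        if not any(entry in present for entry in wanted):
            return False, notes + ["no altsubject_match entry found in subjectAltName"]
    return True, notes


# Constructed sample server certificate, using the subject format shown above.
SAMPLE_CERT = {
    "subject": "/C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com",
    "san": [("DNS", "server.example.com"), ("EMAIL", "server@example.com")],
}

if __name__ == "__main__":
    print(evaluate_server_cert(SAMPLE_CERT, True, subject_match="CN=Test AS",
                               altsubject_match="DNS:server2.example.com;DNS:server.example.com"))
    print(evaluate_server_cert(SAMPLE_CERT, False, altsubject_match="DNS:other.example.com"))
```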
CA Certicate 2 File Name
The CA certicate 2 le name. (PEM/DER) This le can have one or more trusted CA
certicates. A trusted CA certicate should always be congured when using EAP-TLS,
TTLS, or PEAP.
Client Certicate/Certicate2 File Name
The client certicate/certicate2 le name. (PEM/DER)
Private Key File Name
The client private key file name. (PEM/DER/PFX) When PKCS#12/PFX files are used the
client-cert-filename should not be used.
Private Key File Password
The password for the private key file.
Private Key 2 File Name
The client private key 2 file name. (PEM/DER/PFX) When PKCS#12/PFX files are
used the client-cert2-filename should not be used.
Private Key File 2 Password
The password for the private key 2 file.