SecureW2 Client for Windows Administrator Guide. Version 2.2

Similar documents
How to configure SecureW2

Nimsoft Service Desk. Single Sign-On Configuration Guide. [assign the version number for your book]

Symantec Managed PKI. Integration Guide for ActiveSync

TippingPoint Best Practice Guide. RADIUS PEAP Configuration for IPS Devices and Cisco ACS. Version:

Symantec Validation & ID Protection Service. Integration Guide for Microsoft Outlook Web App

Copyright

BEFORE INSTALLATION: INSTALLATION:

Partner Information. Integration Overview. Remote Access Integration Architecture

Quick Start Program Installation Guide

Upgrading BankLink Books

Assureon Installation Guide Client Certificates. for Version 6.4

Configuring EAP for Wireless Network Connectivity By Victor Zapata

TRANSPARENT AUTHENTICATION GUIDE

Configuration of Microsoft Live Communications Server for Partitioned Intradomain Federation

Configuring Windows 7 VPN (Agile) Client for authentication to McAfee Firewall Enterprise v8. David LePage - Enterprise Solutions Architect, Firewalls

Threat Analysis Reporter

Partner Information. Integration Overview Authentication Methods Supported

Dell Secure Mobile Access Connect Tunnel Service User Guide

Instructions for connecting to the FDIBA Wireless Network. (Windows XP)

Microsoft Office Communicator Call Control with Microsoft OCS for IM and Presence Service on Cisco Unified Communications Manager, Release 11.

Genesys Security Deployment Guide. What You Need

Enterprise Vault Requesting and Applying an SSL Certificate and later

Upgrade Guide. NovaBACKUP xsp NovaStor. All Rights Reserved.

Deploying Windows Server 2003 Internet Authentication Service (IAS) with Virtual Local Area Networks (VLANs)

Enterprise Vault.cloud CloudLink Google Account Synchronization Guide. CloudLink to 4.0.3

User s GUIDE. Webwasher Spam Reporter Version 1.0.

Instructions for connecting to the FDIBA Wireless Network (Windows Vista)

Installation and Configuration Guide

Wired Dot1x Version 1.05 Configuration Guide

QUICK CONFIGURATION GUIDE

Internet access system through the Wireless Network of the University of Bologna (last update )

One Identity Quick Connect for Base Systems 2.4. Administrator Guide

NCD ThinPATH PC Installation Guide and Release Notes

Steel-Belted RADIUS. Digipass Plug-In for SBR. SBR Plug-In SBR. G etting Started

Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N Rev 01 July, 2012

Cloud Access Manager Configuration Guide

Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients

GTA SSO Auth. Single Sign-On Service. Tel: Fax Web:

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

One Identity Active Roles 7.2. Replication: Best Practices and Troubleshooting Guide

Application notes for supporting third-party certificate in Avaya Aura System Manager 6.3.x and 7.0.x. Issue 1.3. November 2017

Blue Coat ProxySG First Steps Solution for Controlling HTTPS SGOS 6.7

Guest Management Software Administrator Guide. Installation and Getting Started Guide Administrator Guide

Installation and Configuration Guide

NBC-IG Installation Guide. Version 7.2

Migrating BlackBerry-enabled mailboxes from Microsoft Exchange 5.5 to Microsoft Exchange 2000

Using SSL to Secure Client/Server Connections

VMware AirWatch Certificate Authentication for EAS with ADCS

VERITAS StorageCentral 5.2

Oracle Enterprise Single Sign-on Provisioning Gateway

Manually Configuring Windows 7 for Wireless PittNet

AMS Device View Installation Guide. Version 2.0 Installation Guide May 2018

Blue Coat Security First Steps Solution for Controlling HTTPS

Authorized Send User s Guide Version 4.0

Wavecrest Certificate SHA-512

Quest Migration Manager Upgrade Guide

x10data Smart Client 6.5 for Windows Mobile Installation Guide

Symantec Ghost Solution Suite Web Console - Getting Started Guide

V1.0 Nonkoliseko Ntshebe October 2015 V1.1 Nonkoliseko Ntshebe March 2018

Certificate Renewal on Cisco Identity Services Engine Configuration Guide

VMware AirWatch Integration with RSA PKI Guide

Copyright SolarWinds. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified, decompiled,

Secure IIS Web Server with SSL

NetApp Cloud Volumes Service for AWS

Installation and configuration guide

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP

By Anthony di Donato. Citrix Systems, Inc.

Digipass Plug-In for SBR. SBR Plug-In SBR. Steel-Belted RADIUS. Installation G uide

ms-help://ms.technet.2004apr.1033/ad/tnoffline/prodtechnol/ad/windows2000/howto/mapcerts.htm

Manually Configuring Windows 8 for Wireless PittNet

Microsoft Dynamics GP Web Client Installation and Administration Guide For Service Pack 1

FAQ about Communication

VMware AirWatch Integration with SecureAuth PKI Guide

Secure ACS for Windows v3.2 With EAP TLS Machine Authentication

20411D D Enayat Meer

Veritas Enterprise Vault Setting up IMAP 12.1

Symantec Managed PKI. Integration Guide for AirWatch MDM Solution

HYCU SCOM Management Pack for F5 BIG-IP

Workspace ONE UEM Certificate Authority Integration with JCCH. VMware Workspace ONE UEM 1810

Configuration Note. snom 360 Phone with VX for Branch Survivability. Release 1.0

Cisco Secure ACS for Windows v3.2 With PEAP MS CHAPv2 Machine Authentication

Authlogics Forefront TMG and UAG Agent Integration Guide

SolarWinds. Migrating SolarWinds NPM Technical Reference

Symantec Mobile Management 7.1 Implementation Guide

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

For my installation, I created a VMware virtual machine with 128 MB of ram and a.1 GB hard drive (102 MB).

x10data Smart Client 7.0 for Windows Mobile Installation Guide

Symantec Mobile Management User Guide. Version 7.0 SP3

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Sharepoint 2007

x10data Application Platform v7.1 Installation Guide

Symantec Protection Center Getting Started Guide. Version 2.0

Upgrading to Act! v20 from ACT! 3.x, 4.x, 5.x (2000), or 6.x (2004)

Using the Cisco Unified Wireless IP Phone 7921G Web Pages

Configuring EAP-FAST CHAPTER

This help covers the ordering, download and installation procedure for Odette Digital Certificates.

Web Applications Installation. version

Application Note Using SiteManager as Web Proxy And/or Mail Relay Server

Authorized Send User s Guide for imagerunner Machines Version 4.1

Agilent OpenLAB Data Store Administration. Guide for Administrators

Transcription:

SecureW2 Client for Windows Administrator Guide Version 2.2

The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Copyright Notice Copyright 2004 Alfa & Ariss All rights reserved Released: August 2004 This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent in writing from Alfa & Ariss (alfa-ariss.com/securew2.com). Every effort has been made to ensure the accuracy of this manual. However, Alfa & Ariss makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Alfa & Ariss shall not be liable for any errors or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information of this document is subject to change without notice. Trademarks SecureW2 is a trademark of Alfa & Ariss. Other product names mentioned in this manual may be trademarks or registered trademarks of their related companies and are the sole property of their respective manufacturers. SecureW2 Client for Windows Administrator Guide 2

Table of Contents Preface...4 Configuration...5 Basic INF File...5 Global Configuration...6 Certificate configuration...6 Retrieving/Converting Certificates...7 SSID Configuration...9 Profile Configuration...10 Connection attributes...10 Certificate attributes...11 Authentication attributes...12 User attributes...12 Advanced attributes...13 Setup...15 Building your own setup...15 SecureW2 Client for Windows Administrator Guide 3

Preface Preface SecureW2 2.2.x now supports the use of a pre-configuration file. This file allows administrators to distribute a copy of a pre-configured SecureW2 that also automatically installs the correct certificates. Further more it is possible to query the user for their credentials during installation. This guide shows how to make use of the pre-configuration script supported by SecureW2 2.2.x. SecureW2 Client for Windows Administrator Guide 4

Configuration The SecureW2 pre-configuration file is based on a Microsoft INF File. There are different sections each depicting how SecureW2 is to be configured. Basic INF File Each INF file must contain the following, if not SecureW2 will not be able to read the file: [Version] Signature = "$Windows NT$" Provider = "Alfa & Ariss" Config = 3 Comments can be added in the INF file using a semicolon. A semicolon is also used to disable lines. s that are not defined will be set to their Default value. Example of a comment in the INF file: This is a comment Example of a disabled line in the INF file: attribute1 = I am disabled attribute2 = I am not disabled SecureW2 Client for Windows Administrator Guide 5

Global Configuration Currently the global configuration only depicts which certificates must be installed. Certificate configuration The Certificates section contains the certificate chain that is to be installed on the local computer. The Certificates section is defined using the following tag: [Certificates] In the Certificates section you must define your certificate chain. The following attributes define a certificate: Certificate.n The value n should start at 0 and be incremented with each new certificate. The location of the certificate. The path is relative to where the installer is executed. Currently only DER encoded X.509 certificates are supported. Certificate.0 must always refer to the TTLS Server certificate. The rest of the chain ( Certificate.n ) should refer to certificates that are either Subordinate CA s or Root CA s. The following example shows a certificate chain containing a TTLS certificate, a Subordinate CA certificate and the Root CA certificate: [Certificates] Certificate.0 = ttls.cer Certificate.1 = subca.cer Certificate.2 = rootca.cer SecureW2 Client for Windows Administrator Guide 6

Retrieving/Converting Certificates To retrieve your CA and TTLS certificates and convert them to DER encoding you can use the following options: 1. On your radius server simply use the following openssl command to convert your CA and TTLS PEM certificates to DER encoding: openssl x509 -inform PEM -outform DER -in ttls.pem out ttls.der 2. On a computer (Windows) running SecureW2 that already trusts your TTLS server the certificates have already been installed in the local certificate store of that computer. To retrieve the certificates you can use the Microsoft Management Console and the Certificates snap-in: Figure 1 MMC Certificate snap-in SecureW2 Client for Windows Administrator Guide 7

To use the MMC do the following: a. Click on the Start menu b. Click on the Run option c. Enter the following command: mmc This will start-up a new Microsoft Management Console in which you can add snap-ins allowing you to control the different aspects of your computer. d. Select File in the top menu e. Select Add/Remove snap-in You are presented with the Add/Remove snap-in window in which you can select the snap-in s you wish to use. f. In Standalone tab click on the Add button You are now presented with the Add snap-in window showing the different snap-in s that are available. g. Select the Certificates snap-in and click on the Add button. h. When asked which certificates are to be managed select Computer account. i. When asked for which computer the certificates are to be managed select Local computer and click on Finish. j. Click on Close to return to the Add/Remove snap-in window that now shows the Certificates snap-in. k. Click on Ok to return to the main MMC window. l. To find the CA certificate installed by SecureW2 expand the certificates snap-in so you can view the certificates in the Trusted Root Certification Authorities. m. Look for your CA certificates and right click on the certificate and select All Tasks and then Export. n. You are now presented with the Certificate Export Wizard. Run through the wizard and export the certificates using DER encoding to a location of your choosing. SecureW2 Client for Windows Administrator Guide 8

SSID Configuration A profile has to be assigned to each SSID that is going to use SecureW2. A SSID section is defined using the following tag: [SSID.n] Where n is the number of the SSID section. This number must start at 1 and be incremented with each new SSID section. Per SSID section you must define the following attributes: NAME Profile Name of the SSID. Name of the Profile that this SSID should use. The following example shows 2 SSIDs and the profiles that they will use: [SSID.1] Name = MYSSID Profile = "AENA" [SSID.2] Name = HOMESSID Profile = "HOME" SecureW2 Client for Windows Administrator Guide 9

Profile Configuration A SecureW2 profile contains the configuration used by SecureW2 when connecting to an SSID. A Profile section is defined using the following tag: [Profile.n] Where n is the number of the Profile section. This number must start at 1 and be incremented with each new Profile section. Each profile must have the following attribute defined: NAME Name of the Profile. s that are not defined in a Profile section will be set to their Default value. Per Profile section you can define the following attributes: Connection attributes UseAlternateIdentity UseAnonymousIdentity AlternateOuterIdentity EnableSessionResumption Enabling this option instructs SecureW2 to use an alternate outer identity. Default : TRUE Enabling this option instructs SecureW2 to use an Anonymous outer identity. Default : TRUE The value defined by this attribute is used as the outer identity. This option is only valid if UseAnonymousIdentity is FALSE. Default : EMPTY Enabling this option instructs SecureW2 to use session resumption (quick connect). Default : FALSE SecureW2 Client for Windows Administrator Guide 10

Certificate attributes VerifyServerCertificate SpecifyRootCA TrustedRootAuthority Enabling this option instructs SecureW2 verify the TTLS server certificate. Default : TRUE Enabling this option instructs SecureW2 to only accept certificates issued by the CA defined in TrustedRootAuthority. If FALSE SecureW2 will use the default Windows Certificate trust. Default : FALSE The value defining by this attribute is the hexadecimal string of the SHA1 hash of the Trusted Root CA certificate. SecureW2 uses this to find the correct Root CA certificate installed on the local computer. VerifyServerName To retrieve the hexadecimal SHA1 value of a certificate in Windows, double-click on the certificate. In the Certificate window select the Details tab. The SHA1 value is listed as the Thumbprint. Using openssl use the following command: openssl sha1 < ttls.cer The hexadecimal string should not contain spaces. Default : EMPTY The value defining by this attribute is the string used to verify the common name in the certificate of the TTLS server. Default : EMPTY SecureW2 Client for Windows Administrator Guide 11

Authentication attributes AuthenticationMethod EAPType The value defining by this attribute is the authentication method used by SecureW2 to authenticate the user. Currently this can be two values: PAP or EAP Default : PAP If EAP has been selected as the AuthenticationMethod the value defined by this attribute is the EAP-Type that is to be used. The following EAP methods are available: 4 = EAP-MD5 26 = EAP-MSCHAP v2 : Numeric Default value: 0 User attributes PromptUserForCredentials UserName Enabling this option instructs SecureW2 to prompt the user for credentials during authentication. Default : TRUE If the attribute PromptUserForCredentials is FALSE then setting this value to PROMPTUSER instructs the SecureW2 installer to prompt the user for credentials during installation. : PROMPTUSER Default : EMPTY SecureW2 Client for Windows Administrator Guide 12

Advanced attributes ServerCertificateOnLocalComputer CheckForMicrosoftExtension AllowNewConnections RenewIPAddress Enabling this option instructs SecureW2 to verify if the TTLS certificate is installed on the local computer. Default : FALSE Enabling this option instructs SecureW2 to verify if the TTLS certificate contains the correct Microsoft Extended Key Usage. Default : FALSE Enabling this option instructs SecureW2 to allow users to setup new connections. Default : FALSE Enabling this option instructs SecureW2 renew the DHCP IP Address of the authenticating adapter. Default : FALSE SecureW2 Client for Windows Administrator Guide 13

The following example shows all options that can be configured for a profile: Configuration [Profile.1] Name = "AENA" Connection UseAlternateIdentity = FALSE UseAnonymousIdentity = FALSE AlternateOuterIdentity = username@domain.com EnableSessionResumption = TRUE Certificates VerifyServerCertificate = TRUE SpecifyRootCA = TRUE TrustedRootAuthority = ea7b4e3ed43f095cc0763f3cd851d977e33be0f9 VerifyServerName =.domain.com Authentication AuthenticationMethod = EAP EAPType = 4 MD5-Challenge (EAP-MD5) User Account PromptUserForCredentials = FALSE UserName = PROMPTUSER Advanced ServerCertificateOnLocalComputer = TRUE CheckForMicrosoftExtension = TRUE AllowNewConnections = TRUE RenewIPAddress = TRUE SecureW2 Client for Windows Administrator Guide 14

Setup Setup Once you have setup your configuration file the SecureW2 installer can use this file to automate the installation process. The first step is to rename your configuration file to SecureW2.INF. The SecureW2 installer searches for a SecureW2.INF file during installation. If found it executes the script. If not found it will continue as usual. SecureW2 uses the current directory in which it was executed to search for the SecureW2.INF file. Building your own setup For customers with a site license allowing them to distribute SecureW2 in their organization it is possible to package the SecureW2.inf, SecureW2_220.exe and certificates in an installation program that unpacks the file to a temporary directory and then runs the installer. NOTE: it is important that the SecureW2 installation program is visible to the user due to the license agreement. An example of such an installation program is NSIS, a free open source installer from NULLSoft. The following link is an NSIS installer example script for SecureW2 that allows you to create your own SecureW2 installer: http://www.securew2.com/uk/resources/securew2/v2/securew2_exampl e.nsi SecureW2 Client for Windows Administrator Guide 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback