Wifi Settings, Wireless Client, Eap-Ttls - Barco ClickShare CSE-200+ Installation Manual

Using SCEP
The Simple Certificate Enrolment Protocol (SCEP) is a protocol which enables issuing and revoking of
certificates in a scalable way. SCEP support is included to allow a quicker and smoother integration of the
ClickShare Base Unit and Buttons into the corporate network. Since most companies are using Microsoft
Windows Server and its active directory (AD) to manage users and devices our SCEP implementation is
specifically targeted at the Network Device Enrolment Service (NDES) which is part of Windows Server 2008
R2 and Windows Server 2012. No other SCEP server implementations are supported.
Image 6-23: WiFi Settings, Wireless Client, EAP-TLS, SCEP
SCEP ServerIP/
hostname
SCEP User name
SCEP Password
Click Save Changes to save the settings.

6.14 WiFi settings, Wireless Client, EAP-TTLS

About EAP-TTLS
EAP-TTLS (Tunneled Transport Layer Security) is an EAP implementation by Juniper networks. It is designed
to provide authentication that is as strong as EAP-TLS, but it does not require each user to be issued a
certificate. Instead, only the authentication servers are issued certificates. User authentication is performed by
password, but the password credentials are transported in a securely encrypted tunnel established based
upon the server certificates.
User authentication is performed against the same security database that is already in use on the corporate
LAN: for example, SQL or LDAP databases, or token systems. Since EAP-TTLS is usually implemented in
corporate environments without a client certificate we have not included support for this. If you prefer using
client certificates per user we suggest using EAP-TLS.
How to start up for EAP-TTLS
1. Log in to the Configurator.
2. Click Wi-Fi & Network → WiFi Settings.
3. When the Operational Mode is Wireless Client, select Authentication Mode. Click on the drop down list and
select EAP-TTLS.
This is the IP or hostname of the Windows Server in your network running the NDES
service. By default HTTP is used.
E.g.: http://myserver or http://10.192.5.1
This is a user in your Active Directory which has the required permission to access the
NDES service and request the challenge password. To be sure of this, the user should
be part of the CA Administrators group (in case of a stand-alone CA) or have enroll
permissions on the configured certificate templates.
The corresponding password for the identity that you are using to authenticate on the
corporate network. Per Base Unit, every Button uses the same identity and password
to connect to the corporate network.
CSE-200+ Configurator
R5900087 /04 ClickShare CSE-200+ 69