Motorola Solutions WiNG 5.2.6 Reference Manual page 431

Services Configuration 8 - 39

LDAP Authentication Type: Use the drop-down menu to select the LDAP authentication scheme. The following LDAP authentication types are supported by the external LDAP resource:
    All - Enables both TTLS and PAP, and PEAP and GTC.
    TTLS and PAP - The EAP type is TTLS with default authentication using PAP.
    PEAP and GTC - The EAP type is PEAP with default authentication using GTC.

Enable CRL Validation: Select this option to enable a Certificate Revocation List (CRL) check. Certificates can be checked and revoked for a number of reasons, including the failure or compromise of a device using a certificate, a compromise of a certificate key pair or errors within an issued certificate. This option is disabled by default.

6. Set the following Session Resumption/Fast Reauthentication settings to define how server policy sessions are re-established once terminated and require cached data to resume:

Enable Session Resumption: Select the checkbox to control the volume and duration of cached data maintained by the server policy upon the termination of a server policy session. The availability and quick retrieval of the cached data speeds up session resumption.

Cached Entry Lifetime: Use the spinner control to set the lifetime (1 - 24 hours) cached data is maintained by the RADIUS server policy. The default setting is 1 hour.

Maximum Cache Entries: Use the spinner control to define the maximum number of entries maintained in cache for this RADIUS server policy. The default setting is 128 entries.

7. Select OK to save the settings to the server policy configuration. Select Reset to revert to the last saved configuration.

8. Select the Client tab and ensure the Activate RADIUS Server Policy button remains selected.

The access point uses a RADIUS client as a mechanism to communicate with a central server to authenticate users and authorize access.

The client and server share a secret. That shared secret followed by the request authenticator is put through an MD5 hash to create a 16 octet value used with the password entered by the user. If the user password is greater than 16 octets, additional MD5 calculations are performed, using the previous ciphertext instead of the request authenticator.

The server receives a RADIUS access request packet and verifies the server possesses a shared secret for the client. If the server does not possess a shared secret for the client, the request is dropped. If the client receives a verified access accept packet, the username and password are considered correct, and the user is authenticated. If the client receives a verified access reject message, the username and password are considered to be incorrect, and the user is not authenticated.
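
The shared-secret password hiding described on this page, written out for both the RADIUS client and the server as an added example (not code from the manual or from WiNG). It follows the RFC 2865 User-Password scheme that the text summarizes; the secret, request authenticator and password are constructed sample values.

```python
import hashlib

BLOCK = 16  # MD5 digest size in octets

# Constructed sample values; a real request authenticator is 16 random octets.
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))


def _mask(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client side: build the hidden User-Password value."""
    if len(request_auth) != BLOCK:
        raise ValueError("request authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)  # NUL-pad to 16n
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), BLOCK):
        # First block is masked with MD5(secret + request authenticator);
        # later blocks use MD5(secret + previous ciphertext block).
        prev = bytes(p ^ m for p, m in zip(padded[i:i + BLOCK], _mask(secret, prev)))
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo the hiding with its copy of the shared secret."""
    if not hidden or len(hidden) % BLOCK or len(request_auth) != BLOCK:
        raise ValueError("malformed User-Password or authenticator")
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        clear += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return clear.rstrip(b"\x00")


if __name__ == "__main__":
    pw = b"correct horse battery"  # 21 octets, so two MD5 rounds are needed
    hidden = hide_password(pw, SECRET, REQUEST_AUTH)
    print(len(hidden), hidden.hex())
    print(recover_password(hidden, SECRET, REQUEST_AUTH))
    # A server holding a different secret recovers only garbage.
    print(recover_password(hidden, b"wrong-secret", REQUEST_AUTH))
```

The only key material in this construction is the shared secret, so the confidentiality of every password sent to the server policy rests on that secret's length and randomness.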
