Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows, OL-1394-05
Chapter 6 - Using EAP Authentication
Downloads: This chapterpdf (PDF - 520.0KB) The complete bookPDF (PDF - 4.22MB) | Feedback

Using EAP Authentication

Table Of Contents

Using EAP Authentication

Overview

Using LEAP

Using LEAP with the Windows Username and Password

After Profile Selection or Card Insertion

After a Reboot or Logon

After Your LEAP Credentials Expire

Using LEAP with an Automatically Prompted Login

After Profile Selection or Card Insertion

After a Reboot or Logon

After Your LEAP Credentials Expire

Using LEAP with a Manually Prompted Login

After Profile Selection

After a Reboot, Logon, or Card Insertion

After Your LEAP Credentials Expire

Using LEAP with a Saved Username and Password

After Profile Selection or Card Insertion

After a Reboot or Logon

After Your LEAP Credentials Expire

Using EAP-TLS

After Profile Selection or Card Insertion

After a Reboot or Logon

Using PEAP

After Profile Selection, Card Insertion, Reboot, or Logon

Windows NT or 2000 Domain Databases or LDAP Databases Only

OTP Databases Only

After Your Password Expires (Windows NT or 2000 Domain Databases Only)

After Your PIN Expires (OTP Databases Only)

Using EAP-SIM

If You Are Prompted for the PIN

If the PIN Is Stored on the Computer

Restarting the Authentication Process


Using EAP Authentication


This chapter explains the sequence of events that occurs and the actions you must take when a profile that is set for EAP authentication is selected for use.

The following topics are covered in this chapter:

Overview

Using LEAP

Using LEAP with the Windows Username and Password

Using LEAP with an Automatically Prompted Login

Using LEAP with a Manually Prompted Login

Using LEAP with a Saved Username and Password

Using EAP-TLS

Using PEAP

Using EAP-SIM

Restarting the Authentication Process

Overview

This chapter explains the sequence of events that occurs as soon as you or ACU's auto profile selection feature selects a profile that uses EAP authentication as well as after you eject and reinsert the client adapter, reboot the computer, log on while this profile is selected, or are informed that your username and password have expired. The chapter contains seven sections based on the profile's authentication type and its username and password settings:

LEAP with the Windows username and password, page 3

LEAP with an automatically prompted login, page 6

LEAP with a manually prompted login, page 9

LEAP with a saved username and password, page 13

EAP-TLS, page 15

PEAP, page 16

EAP-SIM, page 19

Also provided are an overview of LEAP (below) and instructions for restarting the authentication process when necessary (page 21).

Follow the instructions for your profile's authentication type and credential settings to successfully authenticate.


Note If any error messages appear during authentication, refer to Chapter 10 for explanations and recommended actions.


Using LEAP


Step 1 When LEAP authentication begins, the LEAP Authentication Status screen appears (see Figure 6-1).


Note The LEAP Authentication Status screen might appear behind any open applications.


Figure 6-1 LEAP Authentication Status Screen

This screen provides information about the status of LEAP authentication. Table 6-1 lists and explains the stages of LEAP authentication. As each stage is completed, a status message (such as Successful) appears in the Status field. If any error messages appear, refer to the "LEAP Authentication Error Messages" section for an explanation and the recommended action to take.

Table 6-1 Stages of LEAP Authentication

Stage
Explanation

Starting LEAP Authentication

The client adapter associates to an access point, and the LEAP authentication process begins.

Checking Link Status

The client adapter is LEAP authenticated, and the network connection is verified.

Renewing IP Address

If DHCP is enabled, the IP address is released and renewed.

Detecting IPX Frame Type

On Windows 2000 and XP, the IPX frame type is reset if AutoDetect is enabled.

Finding Domain Controller

If you are logging into a domain and the active profile specifies that the domain name be included, an attempt is made to find the domain controller to make sure subsequent access to the domain is successful.


Step 2 If you do not want the LEAP Authentication Status screen to appear each time the client adapter attempts to LEAP authenticate, check the Shown minimized next time check box in the bottom left corner of the screen. On future LEAP authentication attempts, the LEAP Authentication Status screen appears minimized in the Windows system tray.


Note To make the LEAP Authentication Status screen reappear once it has been minimized, click the LEAP Authentication Status tab in the Windows system tray and uncheck the Shown minimized next time check box. The LEAP Authentication Status screen should now appear for all future LEAP authentication attempts.



Using LEAP with the Windows Username and Password

After Profile Selection or Card Insertion

After you (or auto profile selection) select a profile that uses LEAP authentication and specifies that your Windows username and password also serve as your LEAP username and password or you eject and reinsert the client adapter while this profile is selected, the following events occur:

1. The LEAP Authentication Status screen appears.

2. If your client adapter authenticates, the screen shows that each stage was successful and then disappears. ACM now shows Authenticated, and the Server Based Authentication field on the ACU Status screen shows LEAP Authenticated.

If the authentication attempt fails, an error message appears after the LEAP timeout period has expired. Refer to the "LEAP Authentication Error Messages" section for the necessary action to take.

After a Reboot or Logon

After your computer reboots or you log on, follow the steps below to LEAP authenticate.


Step 1 When the Windows login screen appears (see Figure 6-2 and Figure 6-3), enter your Windows username and password and click OK. The domain name is optional.


Note If your computer is running Windows NT, 2000, or XP and has Novell Client 32 software installed, a separate LEAP login screen appears before the Novell login screen. If this occurs, enter your Windows and Novell username and password in the login screens and click OK.


Figure 6-2 Windows Login Screen (Windows 98, 98 SE, and Me)

Figure 6-3 Windows Login Screen (Windows NT)


Note The Windows login screens shown above appear on computers running Windows 98, 98 SE, and Me (Figure 6-2) and Windows NT (Figure 6-3), respectively. The login screen looks slightly different on computers running Windows 2000 and XP.


The LEAP Authentication Status screen appears.

Step 2 If your client adapter authenticates, the screen shows that each stage was successful and then disappears. ACM now shows Authenticated, and the Server Based Authentication field on the ACU Status screen shows LEAP Authenticated.

If the authentication attempt fails, an error message appears after the LEAP timeout period has expired. Refer to the "LEAP Authentication Error Messages" section for the necessary action to take.

Step 3 Windows continues to log you onto the system.


After Your LEAP Credentials Expire

If the LEAP credentials (username and password) for your current profile expire or become invalid, follow the steps below to reauthenticate.


Note If your computer is running Windows NT, 2000, or XP and you change your Windows password using the standard Windows Change Password function, the client updates the LEAP password automatically and maintains its connection to the access point if the current profile uses the Windows username and password. If your computer is running Windows 98, 98 SE, or Me and you change your Windows password, the client loses association from the access point, and you are prompted to enter your new credentials.



Step 1 Click OK when the following message appears: "The user name and password entered are no longer valid and have failed the LEAP authentication process. Please enter a new user name and password."

Step 2 When the Windows login screen appears, enter your new username and password and click OK. The client adapter should authenticate using your new credentials.


Note If you click Cancel rather than OK on the Windows login screen, the following message appears: "The profile will be disabled until you select the Reauthenticate option, Windows restarts, or the card is ejected and reinserted. Are you sure?" If you click No, the Windows login screen reappears and allows you to enter your new credentials. If you click Yes, the current profile is disabled until you select Reauthenticate from ACM or the Commands drop-down menu in ACU, reboot your computer, or eject and reinsert the card. The Current Profile field on the ACU Status screen lists the profile as being Disabled.



Using LEAP with an Automatically Prompted Login

After Profile Selection or Card Insertion

After you (or auto profile selection) select a profile that uses LEAP authentication but specifies that you be automatically prompted to enter a separate LEAP username and password or you eject and reinsert the client adapter while this profile is selected, follow the steps below to LEAP authenticate.


Note This procedure is applicable the first time an automatically prompted LEAP profile is selected. After you follow the steps below to enter your LEAP credentials, you can switch profiles without having to re-enter your credentials until you reboot your computer, eject and reinsert your client adapter, or change the profile in any way (including its priority in auto profile selection).



Step 1 When the LEAP login screen appears (see Figure 6-4), enter your LEAP username and password and click OK. The domain name is optional.

Figure 6-4 LEAP Login Screen


Note The LEAP login screen shown above appears on computers running Windows NT, 2000, or XP. The LEAP login screen looks slightly different on computers running other Windows operating systems.


The LEAP Authentication Status screen appears.

Step 2 If your client adapter authenticates, the screen shows that each stage was successful and then disappears. ACM now shows Authenticated, and the Server Based Authentication field on the ACU Status screen shows LEAP Authenticated.

If the authentication attempt fails, an error message appears after the LEAP timeout period has expired. Refer to the "LEAP Authentication Error Messages" section for the necessary action to take.


After a Reboot or Logon

After your computer reboots or you log on, follow the steps below to LEAP authenticate.


Step 1 When the LEAP login screen appears (see Figure 6-5), enter your LEAP username and password and click OK. The domain name is optional.

Figure 6-5 LEAP Login Screen


Note The LEAP login screen shown above appears on computers running Windows NT, 2000, or XP. The LEAP login screen looks slightly different on computers running other Windows operating systems.



Note The LEAP login screen should appear before the Windows login screen on computers running Windows 98, 98 SE, or Me. If the Windows screen appears first, follow the instructions in the "LEAP Login Screen Does Not Appear Before Windows Login Screen" section. On computers running Windows NT, 2000, or XP, the LEAP login screen appears after the Windows login screen.


The LEAP Authentication Status screen appears.

Step 2 If your client adapter authenticates, the screen shows that each stage was successful and then disappears. ACM now shows Authenticated, and the Server Based Authentication field on the ACU Status screen shows LEAP Authenticated.

If the authentication attempt fails, an error message appears after the LEAP timeout period has expired. Refer to the "LEAP Authentication Error Messages" section for the necessary action to take.

Step 3 When the network login screen appears (see Figure 6-6 and Figure 6-7), enter your network username and password and click OK.


Note Figure 6-6 shows an example network login screen that may appear on computers running Windows 98, 98 SE, and Me. Your screen may look different. Figure 6-7 shows the network login screen that appears on Windows 2000 systems. The login screen looks slightly different on computers running Windows NT and XP.


Figure 6-6 Network Login Screen (Windows 98, 98 SE, and Me)

Figure 6-7 Network Login Screen (Windows 2000)


After Your LEAP Credentials Expire

If the LEAP credentials (username and password) for your current profile expire or become invalid, follow the steps below to reauthenticate.


Step 1 Click OK when the following message appears: "The user name and password entered are no longer valid and have failed the LEAP authentication process. Please enter a new user name and password."

Step 2 When the LEAP login screen appears, enter your new username and password and click OK. The client adapter should authenticate using your new credentials.


Note If you click Cancel rather than OK on the LEAP login screen, the following message appears: "The profile will be disabled until you select the Reauthenticate option, Windows restarts, or the card is ejected and reinserted. Are you sure?" If you click No, the LEAP login screen reappears and allows you to enter your new credentials. If you click Yes, the current profile is disabled until you select Reauthenticate from ACM or the Commands drop-down menu in ACU, reboot your computer, or eject and reinsert the card. The Current Profile field on the ACU Status screen lists the profile as being Disabled.



Using LEAP with a Manually Prompted Login

After Profile Selection

After you (or auto profile selection) select a profile that uses LEAP authentication but specifies that the process be manually invoked, follow the steps below to LEAP authenticate.


Note This procedure is applicable the first time a manual LEAP profile is selected. After you follow the steps below to enter your LEAP credentials, you can switch profiles without having to re-enter your credentials until you reboot your computer, eject and reinsert your client adapter, or change the profile in any way (including its priority in auto profile selection).



Step 1 Perform one of the following:

If you select a manual LEAP profile from the Use Selected Profile drop-down box, the LEAP login screen appears (see Figure 6-8).

Figure 6-8 LEAP Login Screen

Enter your LEAP username and password and click OK. The domain name is optional.


Note The LEAP login screen shown above appears on computers running Windows NT, 2000, or XP. The LEAP login screen looks slightly different on computers running other Windows operating systems.


If auto profile selection selects a manual LEAP profile, you must select the Manual LEAP Login option from the Commands drop-down menu (see Figure 6-9).

Figure 6-9 Commands Drop-Down Menu

When the LEAP login screen appears (see Figure 6-8), enter your LEAP username and password and click OK. The domain name is optional.

Step 2 The LEAP Authentication Status screen appears. If your client adapter authenticates, the screen shows that each stage was successful and then disappears. ACM now shows Authenticated, and the Server Based Authentication field on the ACU Status screen shows LEAP Authenticated.

If the authentication attempt fails, an error message appears after the LEAP timeout period has expired. Refer to the "LEAP Authentication Error Messages" section for the necessary action to take.


After a Reboot, Logon, or Card Insertion

After your computer reboots, you log on, or you eject and reinsert the client adapter, the adapter does not automatically attempt to authenticate. You must manually invoke the authentication process. To do so, follow the steps below.


Step 1 If you rebooted your computer or logged on, complete your standard Windows login.

Step 2 Open ACU.

Step 3 Select the Manual LEAP Login option from the Commands drop-down menu (see Figure 6-10).

Figure 6-10 Commands Drop-Down Menu

Step 4 When the LEAP login screen appears (see Figure 6-11), enter your LEAP username and password and click OK. The domain name is optional.

Figure 6-11 LEAP Login Screen


Note The LEAP login screen shown above appears on computers running Windows NT, 2000, or XP. The LEAP login screen looks slightly different on computers running other Windows operating systems.


The LEAP Authentication Status screen appears.

Step 5 If your client adapter authenticates, the screen shows that each stage was successful and then disappears. ACM now shows Authenticated, and the Server Based Authentication field on the ACU Status screen shows LEAP Authenticated.

If the authentication attempt fails, an error message appears after the LEAP timeout period has expired. Refer to the "LEAP Authentication Error Messages" section for the necessary action to take.


After Your LEAP Credentials Expire

If the LEAP credentials (username and password) for your current profile expire or become invalid, follow the steps below to reauthenticate.


Step 1 Click OK when the following message appears: "The user name and password entered are no longer valid and have failed the LEAP authentication process. Please enter a new user name and password."

Step 2 When the LEAP login screen appears, enter your new username and password and click OK. The client adapter should authenticate using your new credentials.


Note If you click Cancel rather than OK on the LEAP login screen, the following message appears: "The profile will be disabled until you select the Reauthenticate option, Windows restarts, or the card is ejected and reinserted. Are you sure?" If you click No, the LEAP login screen reappears and allows you to enter your new credentials. If you click Yes, the current profile is disabled until you select Reauthenticate from ACM or the Commands drop-down menu in ACU, reboot your computer, or eject and reinsert the card. The Current Profile field on the ACU Status screen lists the profile as being Disabled.



Using LEAP with a Saved Username and Password

After Profile Selection or Card Insertion

After you (or auto profile selection) select a profile that uses LEAP authentication with a saved LEAP username and password or you eject and reinsert the client adapter while this profile is selected, the following events occur:

1. The LEAP Authentication Status screen appears.

2. If your client adapter authenticates, the screen shows that each stage was successful and then disappears. ACM now shows Authenticated, and the Server Based Authentication field on the ACU Status screen shows LEAP Authenticated.

If the authentication attempt fails, an error message appears after the LEAP timeout period has expired. Refer to the "LEAP Authentication Error Messages" section for the necessary action to take.

After a Reboot or Logon

After your computer reboots or you log on, the following events occur:

1. After you enter your Windows username and password, the LEAP authentication process begins automatically using your saved LEAP username and password.


Note If you unchecked the No Network Connection Unless User Is Logged In check box on the LEAP Settings screen, the LEAP authentication process begins before the Windows login screen appears.


2. If your client adapter authenticates, the screen shows that each stage was successful and then disappears. ACM now shows Authenticated, and the Server Based Authentication field on the ACU Status screen shows LEAP Authenticated.

If the authentication attempt fails, an error message appears after the LEAP timeout period has expired. Refer to the "LEAP Authentication Error Messages" section for the necessary action to take.

3. Windows continues to log you onto the system.

After Your LEAP Credentials Expire

If the LEAP credentials (username and password) for your current profile expire or become invalid, follow the steps below to reauthenticate.


Step 1 Click OK when the following message appears: "The saved user name and password entered for this profile are no longer valid and have failed the LEAP authentication process. Please enter a new user name and password. Remember to change them permanently in the profile using the ACU Profile Manager."

Step 2 When the LEAP login screen appears, enter your new username and password and click OK. The client adapter should authenticate using your new credentials.


Note If you click Cancel rather than OK on the LEAP login screen, the following message appears: "The profile will be disabled until you select the Reauthenticate option, Windows restarts, or the card is ejected and reinserted. Are you sure?" If you click No, the LEAP login screen reappears and allows you to enter your new credentials. If you click Yes, the current profile is disabled until you select Reauthenticate from ACM or the Commands drop-down menu in ACU, reboot your computer, or eject and reinsert the card. The Current Profile field on the ACU Status screen lists the profile as being Disabled.


Step 3 Edit the profile in ACU by changing the saved username and password on the LEAP Settings screen.

Step 4 Click OK three times to save the changes to your profile.


Using EAP-TLS

After Profile Selection or Card Insertion

After you (or auto profile selection) select a profile that uses host-based EAP authentication and you configure the card in Windows (provided Windows is using the Microsoft 802.1X supplicant) for EAP-TLS authentication or you eject and reinsert the client adapter while this profile is selected, follow the steps below to EAP authenticate.


Step 1 If your computer is running Windows XP and a pop-up message appears above the Windows system tray informing you that you need to accept a certificate to begin the EAP authentication process, click the message and follow the instructions provided to accept the certificate.


Note You should not have to accept a certificate for future authentication attempts. After you accept one, the same certificate is used subsequently.


Step 2 If a message appears indicating the root certification authority for the server's certificate, and it is the correct certification authority, click OK to accept the connection. Otherwise, click Cancel.

Step 3 If a message appears indicating the server to which your client adapter is connected, and it is the correct server to connect to, click OK to accept the connection. Otherwise, click Cancel.

Step 4 The client adapter should now EAP authenticate. To verify authentication, double-click My Computer, Control Panel, and Network Connections. The status appears to the right of your Wireless Network Connection. Click View and Refresh to obtain the current status. If the client adapter is authenticated, the status reads Authentication succeeded.


After a Reboot or Logon

After your computer reboots or you log on using your Windows username and password, the EAP authentication process begins automatically and the client adapter should EAP authenticate.

To verify authentication, double-click My Computer, Control Panel, and Network Connections. The status appears to the right of your Wireless Network Connection. Click View and Refresh to obtain the current status. If the client adapter is authenticated, the status reads Authentication succeeded.

Using PEAP

After Profile Selection, Card Insertion, Reboot, or Logon

After you (or auto profile selection) select a profile that uses host-based EAP authentication and you configure the card in Windows (provided Windows is using the Microsoft 802.1X supplicant) for PEAP authentication, follow the steps in one of the sections below, depending on your user database, to EAP authenticate.


Note These instructions are applicable after profile selection, card ejection and re-insertion, reboot, or logon.


Windows NT or 2000 Domain Databases or LDAP Databases Only


Step 1 If your computer is running Windows XP, a pop-up message appears above the Windows system tray informing you that you need to select a certificate or other credentials to access the network. Click this message.

Step 2 If a message appears indicating the root certification authority for the server's certificate and it is the correct certification authority, click OK to accept the connection. Otherwise, click Cancel.

Step 3 If a message appears indicating the server to which your client adapter is connected and it is the correct server to connect to, click OK to accept the connection. Otherwise, click Cancel.

Step 4 Perform one of the following:

If your computer is running Windows 2000, the Static Password screen appears (see Figure 6-12).

If your computer is running Windows XP, a pop-up message appears above the Windows system tray prompting you to process your logon information for your wireless network. Click this message. The Static Password screen appears (see Figure 6-12).

Figure 6-12 Static Password Screen

Step 5 Enter your PEAP authentication username and password (which are registered with the RADIUS server).

Step 6 If applicable, select your domain name from the drop-down list or type it in.

Step 7 Click OK. The client adapter should now EAP authenticate. To verify authentication, double-click My Computer, Control Panel, and Network Connections. The status appears to the right of your Wireless Network Connection. Click View and Refresh to obtain the current status. If the client adapter is authenticated, the status reads Authentication succeeded.

Step 8 If you also have a locally cached Windows password, you must change it manually in Windows to synchronize your passwords. To do so, press Ctrl-Alt-Delete, select Change Password, and enter your old password once and your new password twice.


OTP Databases Only


Step 1 If your computer is running Windows XP, a pop-up message appears above the Windows system tray informing you that you need to select a certificate or other credentials to access the network. Click this message.

Step 2 If a message appears indicating the root certification authority for the server's certificate and it is the correct certification authority, click OK to accept the connection. Otherwise, click Cancel.

Step 3 If a message appears indicating the server to which your client adapter is connected and it is the correct server to connect to, click OK to accept the connection. Otherwise, click Cancel.

Step 4 Perform one of the following:

If your computer is running Windows 2000, the One Time Password screen appears (see Figure 6-13).

If your computer is running Windows XP, a pop-up message appears above the Windows system tray prompting you to process your logon information for your wireless network. Click this message. The One Time Password screen appears (see Figure 6-13).

Figure 6-13 One Time Password Screen

Step 5 Enter your PEAP authentication username in the User Name field.

Step 6 Select either the Hardware Token or Software Token option. If you select the Software Token option, the Password field on the One Time Password screen changes to the PIN field.


Note The Hardware Token and Software Token options are available only if you selected both of them on the Generic Token Card Properties screen during configuration. Otherwise, only the option you selected will be available.


Step 7 Enter either your hardware token password or your software token PIN.

Step 8 Click OK. The client adapter should now EAP authenticate. To verify authentication, double-click My Computer, Control Panel, and Network Connections. The status appears to the right of your Wireless Network Connection. Click View and Refresh to obtain the current status. If the client adapter is authenticated, the status reads Authentication succeeded.


After Your Password Expires (Windows NT or 2000 Domain Databases Only)

If you are using a Windows NT or 2000 domain database with PEAP and the password for your current user ID expires, follow the steps below to change your password.


Step 1 When the Change Password screen appears (see Figure 6-14) to indicate that your password has expired, enter your old password in the Old Password field.

Figure 6-14 Change Password Screen

Step 2 Enter your new password in both the New Password and Confirm New Password fields.


Note The password is also changed in the Windows NT or 2000 domain user database.


Step 3 Click OK. The client adapter should authenticate using your new password. To verify authentication, double-click My Computer, Control Panel, and Network Connections. The status appears to the right of your Wireless Network Connection. Click View and Refresh to obtain the current status. If the client adapter is authenticated, the status reads Authentication succeeded.


After Your PIN Expires (OTP Databases Only)

If you are using an OTP database with PEAP and the PIN for your current user ID expires, follow the steps below to change your PIN.


Step 1 When the Change PIN screen appears (see Figure 6-15) to indicate that your PIN has expired, enter your old PIN in the Old PIN field.

Figure 6-15 Change PIN Screen

Step 2 Enter your new PIN in both the New PIN and Confirm New PIN fields.

Step 3 Enter a word that will help you to remember your PIN in the PIN Hint Phrase field.

Step 4 Click OK. The client adapter should authenticate using your new PIN. To verify authentication, double-click My Computer, Control Panel, and Network Connections. The status appears to the right of your Wireless Network Connection. Click View and Refresh to obtain the current status. If the client adapter is authenticated, the status reads Authentication succeeded.


Note You should use the new PIN for future authentication attempts.



Using EAP-SIM

After you (or auto profile selection) select a profile that uses host-based EAP authentication and you configure the card in Windows (provided Windows is using the Microsoft 802.1X supplicant) for EAP-SIM authentication, the authentication process varies depending on the configuration option you selected for the SIM card's PIN.

If You Are Prompted for the PIN

If you chose to be prompted for the PIN after a power-up or reboot or at every authentication request, follow the steps below to EAP authenticate.


Note These instructions are applicable after profile selection, card ejection and re-insertion, reboot, or logon.



Step 1 Perform one of the following:

If your computer is running Windows 2000, the Enter PIN screen appears (see Figure 6-16).

If your computer is running Windows XP, a pop-up message appears above the Windows system tray informing you that you need to enter your credentials to access the network. Click this message. The Enter PIN screen appears (see Figure 6-16).

Figure 6-16 Enter PIN Screen

Step 2 Enter your PIN and click OK. The computer now retrieves information from the SIM card. If you enter the PIN incorrectly, an error message appears.


Note If you exceed the maximum number of retries for entering the PIN, the card locks up.


Step 3 The client adapter should now EAP authenticate. To verify authentication, double-click My Computer, Control Panel, and Network Connections. The status appears to the right of your Wireless Network Connection. Click View and Refresh to obtain the current status. If the client adapter is authenticated, the status reads Authentication succeeded.


Note ACU and the Windows Wireless Network Connection icon in the Windows XP system tray may indicate a connection status when authentication is still in the pending state or the authentication server fails to respond.



If the PIN Is Stored on the Computer

If you chose to store the PIN in the computer's registry, the EAP authentication process begins automatically, and the client adapter should EAP authenticate and use the saved PIN to access the SIM card.


Note These instructions are applicable after profile selection, card ejection and re-insertion, reboot, or logon.



Note If the stored PIN is wrong and therefore rejected by the SIM, the EAP-SIM supplicant temporarily changes the prompt mode to the default setting (Ask for my PIN once after I turn my computer on) in order to prevent the SIM from locking up. Unless changed manually, this setting stays in effect until your computer is powered off. Change your stored PIN on the SIM Authentication Properties screen.


To verify authentication, double-click My Computer, Control Panel, and Network Connections. The status appears to the right of your Wireless Network Connection. Click View and Refresh to obtain the current status. If the client adapter is authenticated, the status reads Authentication succeeded.


Note ACU and the Windows Wireless Network Connection icon in the Windows XP system tray may indicate a connection status when authentication is still in the pending state or the authentication server fails to respond.


Restarting the Authentication Process

If your client adapter was unable to authenticate using the specified username and password and you have exhausted the retry limit (for example, LEAP tries only once to prevent you from being locked out of the system), the current profile is disabled until you change the username or password, reboot your computer, or eject and re-insert the client adapter. To force your client adapter to try to reauthenticate using the username and password of the current profile, select Reauthenticate from ACM or the Commands drop-down menu in ACU.