6.14 LAN Settings, EAP-TTLS security mode

About EAP-TTLS

EAP-TTLS (Tunneled Transport Layer Security) is an EAP implementation by Juniper Networks. It is designed to provide authentication that is as strong as EAP-TLS, but it does not require each user to be issued a certificate. Instead, only the authentication servers are issued certificates. User authentication is performed by password, but the password credentials are transported in an encrypted tunnel that is established using the server certificates.

User authentication is performed against the same security database that is already in use on the corporate LAN: for example, SQL or LDAP databases, or token systems. Since EAP-TTLS is usually implemented in corporate environments without a client certificate, we have not included support for this. If you prefer using client certificates per user, we suggest using EAP-TLS.

How to set up EAP-TTLS
  1. Select Authentication Mode EAP-TTLS.

    Image 6–26 EAP-TTLS
  2. Fill out the Domain and Identity.

    Domain: The company domain for which you are enrolling. It should match the one defined in your Active Directory.
    Identity: Identity of the user account in the Active Directory which will be used by the ClickShare Buttons to connect to the corporate network.
  3. Enter the Password.

    The corresponding password for the identity that you are using to authenticate on the LAN network. Per Base Unit, each Button will use the same identity and password to connect to the corporate network.

  4. Optionally, upload the CA certificate.

    The following formats are allowed:

    • .pem
    • .cer
    • .crt
    • .pb7 (Base64 encoded DER)

    The file should at least contain the root CA certificate for your domain.

  5. Click Save configuration.
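
Step 4 asks for a file that contains at least the root CA certificate. The following Python script is an added example, not part of this manual: it counts the certificates in a .pem, .cer or .crt file and reports how many are self-issued (issuer equal to subject), which is how a root CA certificate appears. It compares names only and does not verify signatures, PKCS#7 containers are not handled, and the function names are this example's own.

```python
import base64
import re
import sys

# Matches each certificate block in a PEM bundle.
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER encodings of the issuer and subject names."""
    tag, start, _ = read_tlv(der, 0)          # Certificate ::= SEQUENCE
    tbs_tag, pos, end = read_tlv(der, start)  # TBSCertificate ::= SEQUENCE
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not an X.509 certificate")
    fields = []
    while pos < end:
        ftag, _, fend = read_tlv(der, pos)
        fields.append((ftag, der[pos:fend]))
        pos = fend
    if fields and fields[0][0] == 0xA0:       # optional [0] version field
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("TBSCertificate too short")
    # Remaining order: serial, signature, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]

def certificates(data):
    """Split file contents into DER certificates (PEM bundle or one DER blob)."""
    blocks = PEM_RE.findall(data)
    return [base64.b64decode(b) for b in blocks] if blocks else [data]

def summarize(data):
    """Return (certificate count, count whose issuer equals its subject)."""
    names = [issuer_and_subject(der) for der in certificates(data)]
    return len(names), sum(1 for issuer, subject in names if issuer == subject)

if __name__ == "__main__" and len(sys.argv) == 2:
    with open(sys.argv[1], "rb") as fh:
        total, roots = summarize(fh.read())
    print(f"{total} certificate(s), {roots} self-issued (root CA candidate)")
    sys.exit(0 if roots else 1)
```

Run it with the certificate file as the only argument; an exit status of 1 means no self-issued certificate was found in the file.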