Configuring EAP-FAST authentication
EAP-FAST is an authentication method that was developed by Cisco® Systems. Similar to PEAP authentication, EAP-FAST authentication encrypts EAP transactions within a TLS tunnel. Whereas PEAP uses a server-side digital certificate to configure the TLS tunnel, EAP-FAST uses a .pac file.
The .pac file that the BlackBerry® devices and the authentication server share contains secret keys that are unique to the BlackBerry devices. The EAP-FAST master key on the authentication server generates the .pac file. EAP-FAST uses the .pac file to open the TLS tunnel and authenticates the user credentials through the TLS tunnel.
Configure EAP-FAST authentication
- Use automatic PAC provisioning to distribute the .pac file to the wireless client over a network connection that is designed to be secure.
- Configure each wireless access point to connect to the access control server and a DHCP server.
- Verify that the DHCP server can provide the following information to the wireless client:
- Configure the access control server.
- For information about the automatic provisioning process, see the documentation for your organization’s authentication server.
- For information about configuring wireless access points, see the documentation for the access points.
- For information about configuring the access control server, see the documentation for the access control server.
- In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Policy > Wi-Fi configuration.
- Click Manage Wi-Fi profiles.
- Click the name of the Wi-Fi® profile that you want to configure.
- Click Edit profile.
- In the Wi-Fi profile settings tab, perform the following actions:
- If required, configure the following configuration settings:
- Click Save All.
Configure EAP-FAST configuration settings in the Wi-Fi profile on BlackBerry devices
- On the BlackBerry device, in the device options, click Wi-Fi Connections.
- Click the Wi-Fi profile that you want to change.
- Click Edit.
- In the Security Type list, select EAP-FAST.
- Type the user name and password for the messaging server.
- In the Inner link security list, click the security type.
- If necessary, in the Token list, select the token type.
- If your organization uses dynamic IP addresses, verify that the Automatically obtain IP address and DNS option is selected.
- If necessary, select the Prompt before connection check box. If you do not select the check box, the BlackBerry device connects to an available wireless access point automatically.
- If necessary, select the Notify on authentication failure check box.