4.1 XML Wireless Group Policy - WPA2-Enterprise with PEAP-MSCHAPv2
This sample profile uses Protected Extensible Authentication Protocol [MS-PEAP] with Microsoft Challenge Handshake Authentication Protocol [MS-CHAP] to provide password-based authentication to the network.
This sample is configured to use Wi-Fi Protected Access 2 security running in Enterprise mode (WPA2-Enterprise). The WPA2-Enterprise security type uses 802.1X for the authentication exchange with the backend. The Advanced Encryption Standard (AES) cipher type is used for encryption.
-
<?xml version="1.0" encoding="US-ASCII"?> <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"> <name>SampleWPA2EnterprisePEAPMSCHAP</name> <SSIDConfig> <SSID> <name>SampleWPA2EnterprisePEAPMSCHAP</name> </SSID> </SSIDConfig> <connectionType>ESS</connectionType> <connectionMode>auto</connectionMode> <MSM> <security> <authEncryption> <authentication>WPA2</authentication> <encryption>AES</encryption> <useOneX>true</useOneX> </authEncryption> <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"> <EAPConfig> <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig" xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon" xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapMethodConfig"> <EapMethod> <eapCommon:Type>25</eapCommon:Type> <eapCommon:AuthorId>0</eapCommon:AuthorId> </EapMethod> <Config xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1" xmlns:msPeap="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1" xmlns:msChapV2="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"> <baseEap:Eap> <baseEap:Type>25</baseEap:Type> <msPeap:EapType> <msPeap:ServerValidation> <msPeap:DisableUserPromptForServerValidation>false</msPeap:DisableUserPromptForServerValidation> <msPeap:TrustedRootCA /> </msPeap:ServerValidation> <msPeap:FastReconnect>true</msPeap:FastReconnect> <msPeap:InnerEapOptional>0</msPeap:InnerEapOptional> <baseEap:Eap> <baseEap:Type>26</baseEap:Type> <msChapV2:EapType> <msChapV2:UseWinLogonCredentials>false</msChapV2:UseWinLogonCredentials> </msChapV2:EapType> </baseEap:Eap> <msPeap:EnableQuarantineChecks>false</msPeap:EnableQuarantineChecks> <msPeap:RequireCryptoBinding>false</msPeap:RequireCryptoBinding> <msPeap:PeapExtensions /> </msPeap:EapType> </baseEap:Eap> </Config> </EapHostConfig> </EAPConfig> </OneX> </security> </MSM> </WLANProfile>