4.1 XML Wireless Group Policy - WPA2-Enterprise with PEAP-MSCHAPv2

This sample profile uses Protected Extensible Authentication Protocol [MS-PEAP] with Microsoft Challenge Handshake Authentication Protocol [MS-CHAP] to provide password-based authentication to the network.

This sample is configured to use Wi-Fi Protected Access 2 security running in Enterprise mode (WPA2-Enterprise). The WPA2-Enterprise security type uses 802.1X for the authentication exchange with the backend. The Advanced Encryption Standard (AES) cipher type is used for encryption.

  
 <?xml version="1.0" encoding="US-ASCII"?>
 <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
     <name>SampleWPA2EnterprisePEAPMSCHAP</name>
     <SSIDConfig>
         <SSID>
             <name>SampleWPA2EnterprisePEAPMSCHAP</name>
         </SSID>
     </SSIDConfig>
     <connectionType>ESS</connectionType>
     <connectionMode>auto</connectionMode>
     <MSM>
         <security>
             <authEncryption>
                 <authentication>WPA2</authentication>
                 <encryption>AES</encryption>
                 <useOneX>true</useOneX>
             </authEncryption>
             <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
                 <EAPConfig>
                     <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig" 
                                    xmlns:eapCommon="http://www.microsoft.com/provisioning/EapCommon" 
                                    xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapMethodConfig">
                         <EapMethod>
                             <eapCommon:Type>25</eapCommon:Type> 
                             <eapCommon:AuthorId>0</eapCommon:AuthorId> 
                        </EapMethod>
                        <Config xmlns:baseEap="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1" 
                                xmlns:msPeap="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1" 
                                xmlns:msChapV2="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
                            <baseEap:Eap>
                                <baseEap:Type>25</baseEap:Type> 
                                <msPeap:EapType>
                                    <msPeap:ServerValidation>
                                        <msPeap:DisableUserPromptForServerValidation>false</msPeap:DisableUserPromptForServerValidation> 
                                        <msPeap:TrustedRootCA /> 
                                    </msPeap:ServerValidation>
                                    <msPeap:FastReconnect>true</msPeap:FastReconnect> 
                                    <msPeap:InnerEapOptional>0</msPeap:InnerEapOptional> 
                                    <baseEap:Eap>
                                        <baseEap:Type>26</baseEap:Type> 
                                        <msChapV2:EapType>
                                            <msChapV2:UseWinLogonCredentials>false</msChapV2:UseWinLogonCredentials> 
                                        </msChapV2:EapType>
                                    </baseEap:Eap>
                                    <msPeap:EnableQuarantineChecks>false</msPeap:EnableQuarantineChecks> 
                                    <msPeap:RequireCryptoBinding>false</msPeap:RequireCryptoBinding> 
                                    <msPeap:PeapExtensions /> 
                                </msPeap:EapType>
                            </baseEap:Eap>
                        </Config>
                    </EapHostConfig>
                 </EAPConfig>
             </OneX>
         </security>
     </MSM>
 </WLANProfile>