EAP Registry Settings (Compact 2013)
3/26/2014
The setup software for the EAP dynamic-link library (DLL) can create a set of registry keys and values for the extension protocol. Place these keys and values under the HKEY_LOCAL_MACHINE\Comm\Eap\Extension\<eaptypeid> registry path, with <eaptypeid> being the identifier of the authentication protocol.
Note
The default registry values vary, depending on which Catalog items are included in your OS design.
The following table shows possible registry values for an EAP extension protocol.
Note
The EAP registry values Path and FriendlyName are required.
| Value : type | Description |
|---|---|
| ConfigData : REG_BINARY | Specifies default configuration data for the authentication protocol. |
| ConfigUIPath : REG_EXPAND_SZ | Specifies the path to the DLL that implements the configuration UI. Caution: To use this setting, include WexEapCallbacks.dll in the run-time image in nk.bin or copy it to the local Windows directory. |
| FriendlyName : REG_SZ | Specifies a friendly name for the authentication protocol. This name will appear in the Dial-up Networking user interface (UI). |
| IdentityPath : REG_EXPAND_SZ | Specifies the path to the DLL that implements functions that obtain the user's identity. Caution: To use this setting, include WexEapCallbacks.dll in the run-time image in nk.bin or copy it to the local Windows directory. |
| InteractiveUIPath : REG_EXPAND_SZ | Specifies the path to the DLL that implements the interactive UI. Caution: To use this setting, include WexEapCallbacks.dll in the run-time image in nk.bin or copy it to the local Windows directory. |
| InvokePasswordDialog : REG_DWORD | Specifies whether RAS displays the standard password dialog box. If this value exists and is 0 (zero), RAS does not display the password dialog box. The default value is 1. For more information, see the following Remarks section. |
| InvokeUsernameDialog : REG_DWORD | Specifies whether RAS displays the standard user name dialog box, with a value of 1, or invokes RasEapGetIdentity, with a value of 0 (zero). The default value is 1. For more information, see the following Remarks section. |
| MPPEEncryptionSupported : REG_DWORD | If this value is 1, the authentication protocol can generate keys for the Microsoft Point-to-Point Encryption (MPPE) style of encryption. Possible values are 0 (zero) or 1. The default value is 0. |
| Path : REG_EXPAND_SZ | Specifies the path to the EAP DLL. Caution: To use this setting, include WexEapCallbacks.dll in the run-time image in nk.bin or copy it to the local Windows directory. |
| RequireConfigUI : REG_DWORD | Specifies whether the user must provide configuration data in the Dial-up Networking UI. If this value is 1, the user will not be allowed to exit the Dial-up Networking UI without providing configuration data. The default value is 0 (zero). |
| StandaloneSupported : REG_DWORD | Specifies whether this authentication protocol is supported. A value of 0 (zero) indicates that the EAP is not supported. The default value is 1. |

The registry path for EAP over LAN (EAPOL) authentication is HKEY_LOCAL_MACHINE\Comm\EAPOL. The following table shows possible registry values to specify for this path.
| Value : type | Description |
|---|---|
| AuthPeriodSeconds : REG_DWORD | Specifies the number of seconds to wait for a message from the server in the Acquired or Authenticating state. The default value is 30. |
| HeldPeriodSeconds : REG_DWORD | Specifies the number of seconds to wait and ignore all messages after a few failed authentications. This registry key is used to hinder brute force attacks. The default value is 60. |
| MaxStart : REG_DWORD | Specifies the maximum number of times to send an EAPOL_Start message while receiving no response. After this many tries and no responses, EAPOL assumes that the peer does not support 802.1x authentication, and enters the Authenticated state to allow network activity to proceed. The default value is 3. |
| StartPeriodSeconds : REG_DWORD | Specifies the time, in seconds, to wait before sending an EAPOL_Start message. The default value is 3. |

Remarks
When the registry settings InvokeUserNameDialog and InvokePasswordDialog are set to nonzero values, the OS image attempts to load and late-bind netui.dll, even if the UI features in the DLL are not needed. These two registry settings must be set to 0 (zero) to prevent late-binding of netui.dll.
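
The following Python sketch is an added example, not part of the original documentation or any Microsoft tooling. It audits a set of EAP extension and EAPOL values against the types, required values, and defaults listed in the tables above. The input shape (a mapping of value name to a `(registry type, data)` pair), the function names, and the sample values are assumptions of this example.

```python
# Added example: audit EAP/EAPOL registry values against the tables on this page.
# Assumed input shape: {value name: (registry type, data)}; all sample data is constructed.
EAP_TYPES = {
    "ConfigData": "REG_BINARY", "ConfigUIPath": "REG_EXPAND_SZ",
    "FriendlyName": "REG_SZ", "IdentityPath": "REG_EXPAND_SZ",
    "InteractiveUIPath": "REG_EXPAND_SZ", "InvokePasswordDialog": "REG_DWORD",
    "InvokeUsernameDialog": "REG_DWORD", "MPPEEncryptionSupported": "REG_DWORD",
    "Path": "REG_EXPAND_SZ", "RequireConfigUI": "REG_DWORD",
    "StandaloneSupported": "REG_DWORD",
}
EAPOL_DEFAULTS = {"AuthPeriodSeconds": 30, "HeldPeriodSeconds": 60,
                  "MaxStart": 3, "StartPeriodSeconds": 3}

def audit_extension(values):
    """Return findings for one Comm\\Eap\\Extension\\<eaptypeid> key."""
    findings = [f"missing required value {n}"
                for n in ("Path", "FriendlyName") if n not in values]
    for name, (rtype, _data) in values.items():
        expected = EAP_TYPES.get(name)
        if expected and rtype != expected:
            findings.append(f"{name}: type {rtype}, expected {expected}")
    # Remarks: both dialog values default to 1 and must be 0 to avoid netui.dll.
    dialogs = ("InvokeUsernameDialog", "InvokePasswordDialog")
    if any(values.get(n, ("REG_DWORD", 1))[1] != 0 for n in dialogs):
        findings.append("netui.dll late-binding not prevented")
    return findings

def audit_eapol(values):
    """Return (effective settings, findings) for the Comm\\EAPOL key."""
    effective, findings = dict(EAPOL_DEFAULTS), []
    for name, (rtype, data) in values.items():
        if name not in EAPOL_DEFAULTS:
            continue
        if rtype != "REG_DWORD":
            findings.append(f"{name}: type {rtype}, expected REG_DWORD")
        else:
            effective[name] = data
    if effective["HeldPeriodSeconds"] < EAPOL_DEFAULTS["HeldPeriodSeconds"]:
        findings.append("HeldPeriodSeconds below default 60: "
                        "shorter hold after failed authentications")
    return effective, findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real device image.
    ext = {"Path": ("REG_SZ", "myeap.dll"), "InvokeUsernameDialog": ("REG_DWORD", 0)}
    print(audit_extension(ext))
    print(audit_eapol({"HeldPeriodSeconds": ("REG_DWORD", 5)}))
```

Value names that do not appear in the tables are skipped, because the default set varies with the Catalog items in the OS design.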