Configuring OAC for single sign on is a relatively straight forward process. The following outlines the minimum steps needed to accomplish this. In this example the users Windows credentials will be used for authentication with the use of TTLS and EAP-MSCHAP-V2.
Launch Odyssey Access Client Administrator:
Open Initial Settings
Although enabled else where in OAC, the actual settings used for the connection are created here. Configure Initial Settings just as you would Odyssey Access Client Manger.
Create a Profile
The default profile is configured to use EAP-MSCHAP-V2 in an EAP-TTLS tunnel and authenticate the user with their Windows login credentials. In most cases the user name field in your “Initial Settings” profile should be left blank. This tells OAC to supply the name used to logon to the computer during the GINA authentication.
Note: With minor changes to this profile it is possible for a user to login to with their Windows credentials, but authenticate the 802.1x connection with another set of credentials or an RSA token.
By default OAC will attempt to validate the Radius Server certificate if the EAP Type selected supports it. In this case it does. Although it is recommended that you do so, for the purpose of this KB we will select “Disable server verification”.
Configure a Network (if using wireless)
Make sure to add the profile you just created. Initial Settings should look something like this:
Click the GINA Tab
Select "Install Odyssey GINA Module"
Note: If the currently listed GINA module is something other than msgina.dll or one of the listed qualified GINA modules, contact tech-support for assistance.
Click the User Account Tab
Select "Prior to Windows logo, using the following settings" then proceed to configure your wired or wireless adapter; then your network or profile.
There are a number of settings on the "User Account" tab. For testing purposes select never under "Prompt to connect". After enabling GINA you will need to reboot before you can test the configuration. If everything goes well, after entering your credentials at the Ctrl-Alt-Del screen on the XP or the OAC tile in Vista a connection dialog will appear. The status of the connection will be displayed and should end with "Open"; at which point the users desktop will load. If this does not happen review all the steps and try again. If single sign on still doesn't work contact technical support for assistance.
Note: On Windows Vista you are required to decorate your name in the Domain\User name format.