EAP-PEAP on N80 ?

Similar Messages

• WIFI: EAP-PEAP

  Hi everybody,
  I'm in a US university and i'm trying to set up my E65 to connect to their wireless network in order to contact my family in belgium through VOIP. unfortunately, I'm unable to connect to the network. Can someone please help me out?
  This is a screenshot of how my computer is configured (sorry it's in french):
  http://img57.imageshack.us/img57/8995/wlanbl8.jpg
  After that I have to put my username and password and i have to leave the domain field blank.
  this is the configuration on my E65:
  Connection Name: msu1x
  Data Bearer: Wireless LAN
  WLAN netw. name: msu1x
  Network Status: hidden
  WLAN network mode: Infrastructure
  WLAN security mode: WPA/WPA2
  WLAN security settings =>
  WPA/WPA2: EAP
  WPA2 only: disabled
  EAP plug-in settings =>
  EAP-PEAP selected and first. All others disabled.
  EAP-PEAP configure =>
  User Certificate: not defined
  CA Certificate: none
  User Name in Use: User-configured
  User Name: my_user_name
  Realm in Use: User-configured
  Realm: Empty
  Allow PEAPv0: yes
  Allow PEAPv1: yes
  Allow PEAPv2: yes
  EAP-types: =>
  EAP-MSCHAPv2 selected and first. All others disabled.
  EAP-MSCHAPv2 configure: =>
  User Name: my_user_name
  Prompt Password: no
  Password: my_user_name
  Ciphers:
  RSA,3DES,SHA selected and first. All other selected.
  I'm really sad because I wanted this phone to use VOIP and now I can't use it...
  I'd really appreciate if any of you could help me out !
  Thanks in advance

  I used these setting a while back on several model:
  /discussions/board/message?board.id=connectivity&message.id=6472&query.id=153958#M6472
  WLAN security mode: 802.1X
  WLAN security settings:
  WPA mode: EAP
  EAP plug-in settings: EAP-PEAP (only one checked, top of the priority list)
  EAP-PEAP->Options->Configure:
  [General] tab
  User Certificate: (not defined)
  CA certificate: (Cisco ACS CA)
  User name in use: From Certificate
  User name: (Blank)
  Realm in use: From Certificate
  Realm: (Blank)
  Allow PEAPv0: Yes
  Allow PEAPv1: No
  Allow PEAPv2: No
  [EAP] tab
  EAP-MSCHAPv2 (only one checked, top of priority list)
  TKIP encryption: disabled (not displayed)
  EAP-MSCHAPv2 ConfigurationUsername: (AD Domain name)\(Username)
  Prompt password: No
  Password: (domain password)
  [Encryption] tab
  (All algorithms are checked)
  Remember to choose hidden in network status, if you have hidden SSID !
  Also I use DHCP and a web-proxy.
  You may wonder why there is notthing in username and realm, but this is since PEAP doesnt verify the certificate, hence you do not need any.
  Allthough must of my other tests I did have user name and domain, but this failed ! Wierd.
  A note: When I installed the ACS CA Certificate I shoose Internet=Yes and Cer-control online = No
  (Find this under tools-security-Certificate control - choose the Cert and choose "trust settings"
  Anyway the above settings works.
  So the E60,E61,E70 and N80 works with LEAP and PEAP !!

• 802.1x EAP-PEAP over Ethernet need help !!!

  I am trying to get wired 802.1x EAP-PEAP to work and after spending about 8 hours
  troubleshooting this, I am not sure what else to do.  Need help.  Here
  is the scenario:
  - Cisco Catalyst 3350 switch running IOS versionc3550-ipservicesk9-mz.122-44.SE6.bin,
  - Steelbelted/JUniper Radius Server version 6.1.6 on a windows 2003 server
  with IP address of 129.174.2.7.  This device is connected to the same switch above.
  Firewall is OFF on the server, allow ALL,
  - Windows 2003 Enterprise Server supplicant with the latest Service pack and patches.  Again,
  Firewall is OFF on the server, allow ALL.  Juniper has verified the configuration settings
  on the Supplicant machine.  The supplicant has a static IP address of 129.174.2.15, same subnet
  as the radius server, I just want enable EAP-PEAP so that user is forced to authenticate before
  the port is activate to be "hot".
  - Juniper TAC has verified the configuration on the Steelbelted radius for eap-peap
  and that everything is looking fine,
  I have verified that the switch can communicate fine with the radius server.
  - Configuration on the switch for 802.1x:
  aaa new-model
  aaa authentication dot1x default group radius
  radius-server host 129.174.2.7 auth-port 1812 acct-port 1813 key 123456
  interface FastEthernet0/39
    description windows 2003 Supplicant
    switchport access vlan 401
    switchport mode access
    dot1x port-control auto
    no spanning-tree portfast (does not matter if this is enable or disable)
  lab-sw-1#
  .May 20 07:52:47.334: dot1x-packet:Received an EAP request packet from EAP for mac 0000.0000.0000
  .May 20 07:52:47.338: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1  data:
  .May 20 07:52:47.338: EAPOL pak dump Tx
  .May 20 07:52:47.338: EAPOL Version: 0x2  type: 0x0  length: 0x0005
  .May 20 07:52:47.338: EAP code: 0x1  id: 0x2  length: 0x0005 type: 0x1
  .May 20 07:52:47.338: dot1x-packet:dot1x_txReq: EAPOL packet sent out for the default authenticator
  lab-sw-1#
  lab-sw-1#sh dot1x interface f0/39
  Dot1x Info for FastEthernet0/39
  PAE                       = AUTHENTICATOR
  PortControl               = AUTO
  ControlDirection          = Both
  HostMode                  = SINGLE_HOST
  Violation Mode            = PROTECT
  ReAuthentication          = Disabled
  QuietPeriod               = 60
  ServerTimeout             = 30
  SuppTimeout               = 30
  ReAuthPeriod              = 3600 (Locally configured)
  ReAuthMax                 = 2
  MaxReq                    = 2
  TxPeriod                  = 30
  RateLimitPeriod           = 0
  lab-sw-1#
  I am at a complete lost here.  don't know what else to do.  Someone with expertise in this realm please
  help me how to make this work.
  Many thanks in advance,

  #1:  dot1x system-auth-control is already in the switch configuration
  #2:  Not sure if you're already aware, the minute I entered "dot1x port-control auto", the command "dot1x pae authenticator" automatically appears on the interface configuration
  The case is being worked on by Cisco TAC.  One of the issues is the windows 2003 server supplicant refuses to work.  Windows XP supplicant uses machine-authentication instead of user-authentication.  Cisco TAC is looking into this issue.

• Cannot connect to wlan eap-peap athentication fail...

  Hi all
  I have A nokia N97 which I tried to connect to my work WLAN but I get  eap-peap athentication failed. We do user a certificate which I have installed on the phone but it does not connect. It does not even promt for user name or password. I can connect to my home wireless which just ask for a security key which i enter and it works please please help.
  Please help

  I got it working please read my How to
  /t5/Connectivity/How-to-connect-to-wlan-with-n97-u​sing-ca-certificate/td-p/659372

• How to connect to AP with WPA2, EAP-PEAP, MSCHAPv2...

  I am trying to connect to the company network, but it always shows "PEAP authentication failed".
  There are only instructions for iPhone and PC.
  security : WPA2-Enterprise
  authority certificate : None
  Security Type : PEAP
  Inner Link Security : EAP-MSCHAPv2
  additionally MAC address filtering.
  The access point I set is as follows:
  network status: public
  wLAN network mode: infrastructure
  security: WPA/WPA2
  WPA2 only mode: off
  EAP plug-in setting: EAP-PEAP enable only
  personal certificate: not defined
  authority certificate: not defined
  user name: user-defined   BLANK
  realm in use: user-defined   BLANK
  allow PEAPv0
  MSCHAPv2
  user name: username
  password: mypassword
  We have domain, but there are no command about domain in iPhone guide. 
  Is there anything wrong of my setting?

  WPA2-Enterprise is not supported on your device.
  ‡Thank you for hitting the Blue/Green Star button‡
  N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009

• EAP TLS for machine and EAP PEAP for user

  Hi forum
  I am doing a design to use ISE to enforece dot1x for corporate machinese on both wired and wireless.
  Due to the particular environment, we will need to use EAP-TLS for machines auth and on top of that use EAP-PEAP for user auth with windows credential and posture for full access.
  Just wondering if anyone has done this before:
  1. Will this work?
  2. Any gottas?
  3. what is the user experience like?
  All machines are win7 based.
  Thanks

  You can not use the native supplicant for this. Cisco Anyconnect NAM will allow you to use this method. It is very simple to configure and deploy.
  Tarik Admani
  *Please rate helpful posts*

• Cisco ISE - eap-peap and eap-tls

  Hi,
  Does anybody have an example of an ISE authentication policy where authentication requests coming from a WLC can be handled by TLS and PEAP?
  I dont seem to get that working, I do however make the ISE application crash with my config which is not the idea.
  If peap use this identity source, if tls use 'this certificate authentication profile'.
  Thx

  OK,
  so I have just fired up my lab and I actually created an Identity Sequence which contained my AD & my certificate profile.
  The authentication policy was allowing EAP-TLS & EAP-PEAP.
  I then created 2 authorization rules, 1 for users and 1 for machines permitting access based on windows AD group.
  What i found out was that the Windows 802.1x supplicant can only support 1 method of authentication, so if you want this to work properly, you need a different supplicant. I think Cisco do a more advanced one, not sure. You can then specifically choose that for machine auth you use EAP-TLS and for User Auth you use EAP-PEAP.
  In my setup. Machine auth ONLY happens when the user logs off the machine and it is sitting at Ctrl+alt+del so that it can still talk to the network and get all relevant updates etc. I found that not only did the machine authenticate using EAP-PEAP, it also authenticated using TLS... I think that is because of the wireless settings I had. I chose EAP-PEAP for wireless settings
  When the user then logs in, the user account authenticates using EAP-PEAP. I dont think you can authenticate both the logged on user and the machine at the same time. Not with the native windows supplicant anyway. Windows either sends authentication request for the user or the machine but not both.
  Hope that helps.
  Mario

• EAP-TLS and EAP-PEAP Clients

  Hi guys
  I have installed a dot.1x solution for a customer using ISE. The ip phones have certificate from CUCM server. In the ISE a wired-dot.1x with eqp-tls enabled policy is configured so that when ip phones or PC connect to network they get authenticated using EAP -TLS. I have required certificates imported on pc's and ISE server. That part works absolutely fine.
  Now I have been asked to configure EAP-PEAP for video end points which doesn't support EAP -TLS.
  The endpoints are configured with a username and password. The credentials are created in ISE server.
  I create a second policy for wired dot.1x with EAP - PEAP enabled
  The problem I am hitting is that if the PCM and phone policy is on top. The phone and pc gets authenticated. But video endpoint doesn't. I get authentication error messages saying certificate expected but received credentials.
  When I move the video end point authentication rule above the pc and phones. The video end points get authenticated successfully. But PC and phone authentication breaks. The error message I receive is saying usrname and password expected but received a certificated based authentication.
  Has anyone seen this type of scenario ? Any idea how to make EAP -PEAP and EAP TLS authentication work together ?
  Thanks in advance.
  Sent from Cisco Technical Support iPad App

  Hi,
  There are two ways you can tackle this with ISE, I will start with the easiest one and then the other one to cover your options.
  You need to create an identity store sequence. This allows you to mix both certificate based and password based authentications, keep in mind that you can only map one Certificate authentication Profile in when using identity store sequences. More informations about configuring this is provided below:
  http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_man_id_stores.html#wp1117203
  The next option would be to use the authentication policy configuration to map the patterns of the username (if common with your video endpoints), to forward their requests to the internal identity store. You can use regex to make this work and you can check for the radius username attribute.
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• WPA2 EAP-PEAP error, may be Windows Server 2008 or...

  I've studied posts like /t5/Connectivity/Not-able-to-connect-to-company-WLAN-WPA2-AES-PEAP-with-E71/m-p/420301/highlight/tru... , updated firmware, no joy. On E71, get
  WLAN: EAP-PEAP authentication failed
  In the event log of the domain controller+NPS server, get:
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          5/19/2010 10:24:18 AM
  Event ID:      6274
  Task Category: Network Policy Server
  Level: Information
  Keywords: Audit Failure
  User: N/A
  Computer: Actinium.s********.com
  Description: Network Policy Server discarded the request for a user. Contact the Network Policy Server administrator for more information.
  User:
       Security ID: S****\****
       Account Name: d***@*****.com
       Account Domain: S*******
       Fully Qualified Account Name: S******\*****
  Client Machine:
       Security ID: NULL SID
       Account Name: -
       Fully Qualified Account Name: -
       OS-Version: -
       Called Station Identifier: 000B8651*****
       Calling Station Identifier: 0021FE3****
  NAS:
       NAS IPv4 Address: 10.0.1.253
       NAS IPv6 Address: - NAS Identifier: 10.0.1.253
       NAS Port-Type: Wireless - IEEE 802.11
       NAS Port: 1
  RADIUS Client:
       Client Friendly Name: OAW-4308
       Client IP Address: 10.0.1.253
  Authentication Details:
       Connection Request Policy Name: Secure Wireless Connections
       Network Policy Name: Secure Wireless Connections
       Authentication Provider: Windows Authentication Server: Actinium.s********.com
       Authentication Type: EAP
       EAP Type: -
       Account Session Identifier: -
       Reason Code: 1
       Reason: An internal error occurred. Check the system event log for additional information.
  I get a different "Reason" when I deliberately use the wrong certificate, so that part is probably OK. Tried many combinations of sAMAccountName, userPrincipalName, etc. in user and realm fields. I saw a perhaps related issue with somebody using a maemo device that stopped working when they upgraded to Windows Server 2008 on the back end. No problem with iPhones, Blackberry Storms, laptops.
  Help...

  In the SCVMM world a 'template' is composed of the following: a VHD with an OS that has been generalized (sysprep), virtual hardware profile (settings), and an OS profile.
  The OS profile is required to have a product key.  A MAC activation key at the minimum.  But the key is required.
  If you deploy a VM from a VHD, the same customization assumptions are not at play.  Which is why it succeeds.  (there is no template in this case, there is also no requirement that the OS in the VHD be sysprep'd).
  SCVMM has rules.  And lots of things don't make sense until you begin to understand them and play within them. (I am not saying that the SCVMM rules are a good thing, just saying they exist)
  Brian Ehlert
  http://ITProctology.blogspot.com
  Learn. Apply. Repeat.

• 802.1x EAP PEAP MSCHAPv2 on Windows 7 Client.

  I have problems autenticate a w7 client at our Enterprice WiFi network. XP, Apple clients and all SmartPhones works fine...  We use Radius assigned Vlans based on username and ream routed on our Meru Network to Navis radius as centralied point of
  autentication. Navis proxes client autenticatinon recuest to the customers Radiuses based on the realm.
  Windows 7 32 client use the radius CA (installed and ticked) and EAP PEAP MSCHAPv2 in the SSID settings. The customer radius is an Freeradius. In autentication logs we se that the client sends the Maschinename, eg. Machine-x200/username@realm
  even we in the client settings, under SSID Propirties, Security, MS Protected EAP(PEAP), Settings and EAP-MSCAPv2 Configuration, have removed tick on the default setting:
  Use Autom. Windows-username... AND under Security Advanced (back one step), in the 802.1X Settings, choose User autentication only! (not user and maschine, mascine only or guest) and we have saved corectly username@reame =(username here) and password...
  in the username password Setting.
  Is it possible edit or change the way the client PC is sett up to prevent this?
  Is there any way make a policy setting? or is there other solutions?
  I have teste te Cisco: PEAP option too, but stil noe autenticatoin from Radius
  Thanks

  Hi,
  As I know, this goal cannot be achieved.
  Reference:
  Use the 802.1X Wizard to Configure NPS Network Policies
  For authentication using Extensible Authentication Protocol – Transport Layer Security (EAP-TLS), select
  Microsoft: Smart Card or other certificate, click
  Configure, click
  OK, and then click
  Next.
  For authentication using Protected Extensible Authentication Protocol – Transport Layer Security (PEAP-TLS), select
  Microsoft: Protected EAP (PEAP). In
  Eap Types, click
  Add, click
  Smart Card or other certificate, click the
  Move Up button to position a smart card or other certificate at the top of the list, click
  OK, and then click
  Next.
  For secure password authentication using Protected Extensible Authentication Protocol – Microsoft Challenge Handshake Authentication Protocol
  version 2 (PEAP-MS-CHAP v2), select Microsoft: Protected EAP (PEAP). In
  Eap Types, click
  Add, click
  Secured password (EPA-MSCHAP v2), click the
  Move Up button to position the secured password authentication type at the top of the list, click
  OK, and then click
  Next.
  Regards,
  Sabrina
  TechNet Subscriber Support
  in forum.
  If you have any feedback on our support, please contact
  [email protected]
  This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.
  This can be beneficial to other community members reading the thread.

• WLC 5508 Web Auth and EAP / PEAP

     Morning all, I'm looking for some clarification.
  Current setup:
  I work in a school, a few years age I installed a 4400 WLC and several APs as a proof of concept exercise to see whether wireless technology would be of benefit to teaching and learning. It was deemed to be so.
  This summer I installed 2 x 5508 WLCs and increased AP coverage to 50 - copied over the configs from the old controller - all works fine.
  Currently only the staff can access the WLANs with the exception of a public WLAN in the canteen area.
  Because there are a limited number of devices, WPA2 in conjunction with MAC filtering was used. However the school wants to open the wireless network to all of the students - potentially this means up to 1000 devices that will no doubt change on a regular basis so MAC filtering is out.
  In line with child protection policies I need an 'auditable' trail when students access wireless resources.
  Planned setup:
  I have setup a test WLAN that uses Web Auth - the WLC is configured to pass authentication requests  ( through an ASA ) onto a RADIUS server which is tied into AD. I have a CA setup as well as a NAP server.
  There is no layer 2 security set on the test WLAN and layer 3 is just web authentication. From any mobile device I can authenticate against AD and gain access to the Internet.
  Clarification:
  With no layer 2 security the WLAN is exposed so I need to introduce some form of end to end encryption - so I am looking at deploying EAP / PEAP.
  Would the introduction of EAP / PEAP keep the network as secure as if I was using WPA2 ?
  Many thanks.

  If you are web authentication you cannot use dot1x as L2 security , so EAP is not an option.
  But you can use preshared security , like WPA2 AES with web auth to insure that the traffic is encrypted.
  or you can define a wlan profile with dot1x security on l2 and nothing on l3 , by doing so you would definetely hit the utmost security poossible.
  Check the following link which contain couple of EAP config examples:
  http://www.cisco.com/en/US/partner/tech/tk722/tk809/tech_configuration_examples_list.html
  Please make sure to rate correct answers

• EAP-PEAP and EAP-TLS on same switched network

  Hello,
  I'd like to enable both EAP-PEAP and EAP-TLS on the same network to support 802.1x authentication. The reasons are because of historical things i.e. 'older' devices use PEAP and newer devices  use TLS. Over time all will be using TLS, but for now both will the there.
  The AAA server is a Cisco ASC (4.2 or 5.1 - don't know yet)
  I've not tested this or so, but I don't think this will be an issue....because from a switch point of view, it is just passing EAP traffic to teh Radius and so the required services need to be made available on the Radius server...is that a correct assumption?
  Thanks,
  Guy

  You are right Guy, the switch just as act as an termediary device. It just passes EAPOL packet between the ACS server and client, and waits till the ACS server authenticate the client(internal DB, or external DB= AD, LDAP). You just need to enable EAP/TLS, MS-CHAP and MS-CHAPv2 for PEAP in the ACS server. Last make sure that your certificates at both side are valid and sign by the CA.
  Good Luck,
  --Jean Paul

• 802.1x EAP-PEAP - Radius Question

  We're going to be deploying a wireless solution to a customer at some point shortly. So far we have a WLC 2500 Series,
  1140 LAPs, and a 2960-S switch. We're going to have Windows 7, iPhone, iPAD devices, and I was going to implement
  802.1x EAP-PEAP. I'm going to need a RADIUS server, but I was just wondering is there a cheaper solution than just
  getting a Cisco ACS to run a simple RADIUS server which is all I need.
  Also, when the Supplicant sends its NAI in a EAP-ResponseIdentity message, what exactly is this username
  and how does it differ from the username you provide after the secure TLS tunnel has been configured.                  

  Hey John,
  Yes, in fact its all about feeling comfortable. So here is a video showing LOCAL PEAP on a WLC.
  http://www.youtube.com/watch?v=YIxG4OEfwtY
  The 2000 is becuase there is a database limit this includes MACS, LOCAL ACCOUNTS and AP MACs for AP policy. The mac is 2048 .. Here I blogged about this ..
  http://www.my80211.com/cisco-wlc-cli-commands/2009/12/27/configure-local-mac-authentication-on-cisco-wlcs.html
  So yes it sounds right and you should be good.
  Hope this makes you feel a little bit better with your direction. If this helps can you mark the question as answered ?
  Thanks John!
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Nokia E51 with 802.1x / EAP-PEAP & EAP-MSCHAPv2 pr...

  Hello,
  I'm trying to connect my phone to a Wireless AP (Cisco AP1130) using 802.1x, EPA-PEAP & EAP-MSCHAPv2 authentication.
  The RADIUS SERVER is M$ IAS.
  Authentication is working with a laptop, but it is not with my phone
  The only difference during the authentication process on the AP is that during Phase 1 my laptop is sending REALM\Username while my phone is sending Username@REALM.
  Does somebody know what should I change in my phone's configuration to make it work ?
  Thanks,
  Ceux qui aiment marcher en rangs sur une musique :
  ce ne peut être que par erreur qu'ils ont reçu un cerveau,
  une moelle épinière leur suffirait amplement. -- Albert Einstein

  Hi,
  Sorry for the late answer since I was "out of the office" for a while
  So here is the process to get the certificate.
  Log in to you IAS Server.
  Open the IAS Service Application.
  Go to "Remote Access Policies".
  Choose the policy that apply to "Wireless Connection"
  Click "Edit Profile" button.
  Choose "Authentication" Tab.
  Click "EAP Methods"
  Choose "Protected EAP (PEAP)" Entry & click "Edit" Button.
  The Next Window will show you the Certificate Issuer Name & Expiration Date.
  Then, click "Start" Button.
  Choose "Run".
  Type "mmc" in the "Run" box.
  Click "File" & Choose "Add/Remove Snap-In".
  Click "Add" Button.
  Choose "Certificates" entry, click "Add" Button & Choose "My User Account" in the "Certificates Snap-In" Window & click Finnish.
  Click "Close" & "OK" Button.
  Expand the "Certificates - Current User" Entry" & "Intermediate Certification Authorities" & Select "Certificate".
  The left window will show you a list of certificate. One of them should have the same name as the one in the "Certificate Issuer" Entry of the IAS Service Application.
  "Right click" on the certificate, choose "All Tasks", the "Export".
  In the new window, click "Next" Button.
  Choose "DER Encoded Binary X.509 (.cer) entry & click "Next" Button.
  Choose a suitable location.
  Click "Next" Button & "Finnish" Button.
  Certificate is now exported.
  You have to install it on your Phone now.
  The most simple way is to copy the certicate on a Web Server and access it with your phone.
  Hope that Help, if you did not already succeed.
  Ceux qui aiment marcher en rangs sur une musique :
  ce ne peut être que par erreur qu'ils ont reçu un cerveau,
  une moelle épinière leur suffirait amplement. -- Albert Einstein

• EAP-PEAP setting on Nokia E6 crashes!

  I just updated my Nokia E6 to Symbian Belle. When I try to edit the EAP-PEAP settings for my corporate WPA2 secured network, the settings simply crashes and returns to the home screen.

  Hi Eelke,
  I've had the same problem as you for two days now, but finaly solved it ...
  The important thing is to NOT use the Option -> Edit (just craches ... must be a bug)
  Instead tap on the EAP-PEAP option. Also when disabeling/enabeling I pressed the screen and held finger there and an option menu will appear (or if not enabled it will enable the option).
  Hope this works for you as well. I just created an account to be able to post this for you :-), since the post came up on a google search I did.
  Surfin' Swede