Main Nav

Neil,

If you want to do machine authentication for local access, the SSID is yours, so treat it like you would treat 
any other SSID on campus.

For machine authentication, I know that University of Tennessee used a lot of AD Group Policies to accomplish Machine Authentication,
while maintaining user authentication at the same time (the machine can jojn the network to talk to AD on its own but each user has to authenticate independently
to access the functionality of the machine).

As Anders mentioned, if you give access to those machines with a REALM, empowering them to travel to other eduroam locations, make sure that someone is responsible for their usage.

Best,

Philippe


Comments

He used to- now he’s like Cher, or Yani.

 

I bought his last disc- the dude can play the radius like no other.

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McNamara, Diane
Sent: Tuesday, April 02, 2013 1:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam and machine authentication

 

Does phanset have a last name?

 

 

 

 

"Difficult things take a long time, impossible things a little longer".  ~André A. Jackson

*****************************************************************

Diane R. McNamara

Director of Telecom/Networking

Union College

Old Chapel Rm 200

807 Union Street 

Schenectady, NY  12308

518-388-6411

www.union.edu

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of phanset
Sent: Tuesday, April 02, 2013 1:10 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam and machine authentication

 

Neil,

 

If you want to do machine authentication for local access, the SSID is yours, so treat it like you would treat 

any other SSID on campus.

 

For machine authentication, I know that University of Tennessee used a lot of AD Group Policies to accomplish Machine Authentication,

while maintaining user authentication at the same time (the machine can jojn the network to talk to AD on its own but each user has to authenticate independently

to access the functionality of the machine).

 

As Anders mentioned, if you give access to those machines with a REALM, empowering them to travel to other eduroam locations, make sure that someone is responsible for their usage.

 

Best,

 

Philippe

 

 

What version of Windows? Starting with 7, you can do single sign-on from the login screen which is a great alternative to machine auth.
 
Tim

 
Tim Cappalli  ACMP  CCNA
Network Engineer | LTS NetSys
Brandeis University
x67149 | (617) 701-7149
cappalli@brandeis.edu


Message from neil-johnson@uiowa.edu

We tried SSO with windows 7 and the GINA confuses people because it asks them enter their user name twice (once for wireless and once for the domain).

Also the GUI tells the user to use DOMAIN/user-name for the format of wireless logon which leads to confusion.

We would restricting machines logins to machines on campus only, mainly shared classroom and checkout machines.

I did get something running in RADIATOR by creating a handler for  user names that start with "host/<machine-name>".

We have security issues we also need to address. Evidently it's hard to keep track of AD user logins.

-Neil



On Apr 2, 2013, at 1:46 PM, Tim Cappalli <cappalli@brandeis.edu> wrote:

What version of Windows? Starting with 7, you can do single sign-on from the login screen which is a great alternative to machine auth.
 
Tim

 
Tim Cappalli  ACMP  CCNA
Network Engineer | LTS NetSys
Brandeis University
x67149 | (617) 701-7149
cappalli@brandeis.edu


Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.