We actually authenticate them with a certificate. We push a configuration
profile from our MDM solution (JAMF) and it gets a cert from our internal CA
and configures the wireless to use it. Works pretty well until the certificate
expires. Haven't figured out an automated way to manage that
For devices that aren't assigned to or owned by a specific person, we either
log them in the 802.1x SSID with one AD account we use for all the oddballs, or
put them on the PSK SSID.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On
We currently use PEAP=MSCHAPv2.
For department-owned devices, we create a service account per department.
We also have iPads used in out elementary & high school. The students are
divided into 3 groups based on academic grade. We have a service account per
group and different web filtering