A big issue for us is what you are authenticating against. We authenticate against LDAP, and our passwords are stored in 1-way hashes.
What this means is that to do username/password authentication, users need to use SecureW2 software to help in the authentication process. Is anyone else using it? Matt [EMAIL PROTECTED] -----Original Message----- From: Stoney Gan [mailto:[EMAIL PROTECTED] Sent: March 19, 2007 12:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] 802.1X Deployments Hi, William, Here at Syracuse University, we are still in prototype/development stage of implementing 802.1x, but plan to roll out to the whole campus by the end of this summer. One of the issues I have concerns is that our script of configuring 802.1x clients for XP is still requiring the users to click on the balloontip windows for interactions * entering the userID/password and ack the SSL cert. We use AutoIT/Aruba for configuration script. I would really appreciate if you could share your experience * even better your configuration script for XP clients. Thanks, Stoney (I went graduate school in Geology, my wife got her Ph.D. in MIS from UT Austin; both of them hope that we could go back to visit together) Stoney Q. Gan Information Technology Manager Information Technology and Services Syracuse University Phone: 315-443-1808 >>> [EMAIL PROTECTED] 03/18/07 5:30 PM >>> We are half-way through the time period allotted for our 802.1x deployment -- but are only at 13% adoption (out of a total of ~22K users/week). Complete conversion is scheduled by 8/1/07. A locally developed web-redirect system is being utilized by the others. The ones who have adopted 802.1X are reportedly pleased. Phase 1, it was first made available 11/06. We did not make installation scripts available, but have lots of documentation (mistake, it is not possible for a mere mortal to follow the 15 step XP installation process). We had flyers/notices, and offers of extra bandwidth for those that moved (we account/limit bandwidth consumption -- ~5% through bandwidth grants). We believe growth since December is due to word of mouth. Now we are moving to phase 2. Adoption is required by policy. We developed locally an installation application for XP users that includes service packs related to 802.1X. We have added an exceptions process for ill-supported platforms so users may opt-out -- which is recorded under their signature for later audits (and required yearly). We will likely begin some form of active email and web-redirect splash screen nagging April-July with increasing intensity for users that have not moved. Phase 3, August 1, the plan is for campus users to only be allowed to utilize 802.1X. The web-redirect will be reserved for guests and those who opt out for support reasons (and we are contemplating bandwidth restrictions presently applied to guest [256Kbps] to be extended to all users). The phased approach was necessary for our size. Don't know what the fall crunch will bring. System updates which drop support for 802.1X (Apple on certain hardware platforms) have been a support problem. At 11:00 PM 3/16/2007, you wrote: >> My questions after all this- for those who have recently moved to one >> 802.1x in conjunction with the usual rigors of the start of a new >> academic year- how did you transition users over to 802.1x? What worked, >> what failed? Was there a tidal wave of support calls? Did a supplicant >> configuration tool prove to be essential, or were instructions on >> manually configuring the native Windows and Mac supplicants sufficient? William C. Green e-mail: [EMAIL PROTECTED] Director, Networking phone: +1 512-475-9295 ITS (Information Technology Services) fax: +1 512-471-2449 University of Texas 1 University Station Stop C3800 Austin, TX 78712 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
