On Sep 27, 2011, at 3:55 PM, William John Bigelow wrote: > Anyone have thoughts on how shared laptops or laptop lab devices should be > handled using enterprise WPA2/802.1x?
Our cluster folks wanted to be able to manage the laptops when they were powered on but nobody was logged into them. (For updates etc). So we used machine certificates and EAP-TLS. The cluster management folks are happy and the security folks are satisfied because students must log into the machines and that info is logged just as it is for wired clusters. Microsoft was a bit fussy about the certificates so it was extra research and work to generate machine certificates with openssl. Should be less of a problem if you are using Microsoft to generate the certificates. We also did the same thing for some Macbooks. They are running Snow Leopard, we haven't tested with Lion yet. > Or perhaps ideas on how to force clients from avoiding those SSID's all > together? > > > William Bigelow > Senior Network Technician > BGSU > Information Technology Services > (419) 372-8463 > bige...@bgsu.edu > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > --- Bruce Curtis bruce.cur...@ndsu.edu Certified NetAnalyst II 701-231-8527 North Dakota State University