Great topic. I am trying to sort out whether we should use PEAP or mac authentication as well.
As for the devices, how do you limit the users to four devices? Do you allow all of the devices on the internal network or a separate SSID for devices and computers? Thanks, Bob Williamson Network Administrator Annie Wright School 827 North Tacoma Avenue Tacoma, WA 98403-9987 (253) 272-2216 From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Fleming, Tony Sent: Monday, November 07, 2011 2:20 PM To: [email protected] Subject: [WIRELESS-LAN] WPA2-Enterprise - account lockouts and password changes Crew, We have had several complaints from our students about wireless trouble. We believe we have a couple issues going on: Account lockouts - Our students are allowed to register four devices on WiFi and the majority of our students using all of their registrations ( laptops/ipads/smartphones...) What we see are a lot of password failures resulting in account lockouts. If one of their four devices has a bad username and password combination stored in the WiFi profile, it just compounds the problem and creates a lot of confusion for our students. Sadly, these devices do not return a failure cause to the user and is interpreted as a bad signal or bad network. OSX and WPA2 - It is our observation that OSX has a continual history of WPA2 bugs. My questions to the group: How do you guys handle Account lockouts? Do your students interpret these issues as WiFi trouble? If so, how are you changing that perception? Have any of you abandoned 802.1x (PEAP) because of this issue? Do you see the same trouble with OSX and WPA2? ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
