We tried SSO with windows 7 and the GINA confuses people because it asks them enter their user name twice (once for wireless and once for the domain).
Also the GUI tells the user to use DOMAIN/user-name for the format of wireless logon which leads to confusion. We would restricting machines logins to machines on campus only, mainly shared classroom and checkout machines. I did get something running in RADIATOR by creating a handler for user names that start with "host/<machine-name>". We have security issues we also need to address. Evidently it's hard to keep track of AD user logins. -Neil On Apr 2, 2013, at 1:46 PM, Tim Cappalli <[email protected]<mailto:[email protected]>> wrote: What version of Windows? Starting with 7, you can do single sign-on from the login screen which is a great alternative to machine auth. Tim Tim Cappalli ACMP CCNA Network Engineer | LTS NetSys Brandeis University x67149 | (617) 701-7149 [email protected]<mailto:[email protected]> On Tue, Apr 2, 2013 at 2:09 PM, Lee H Badman <[email protected]<mailto:[email protected]>> wrote: He used to- now he’s like Cher, or Yani. I bought his last disc- the dude can play the radius like no other. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]<mailto:[email protected]>] On Behalf Of McNamara, Diane Sent: Tuesday, April 02, 2013 1:12 PM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] eduroam and machine authentication Does phanset have a last name? "Difficult things take a long time, impossible things a little longer". ~André A. Jackson ***************************************************************** Diane R. McNamara Director of Telecom/Networking <image001.png>Union College Old Chapel Rm 200 807 Union Street Schenectady, NY 12308 518-388-6411<tel:518-388-6411> www.union.edu<http://www.union.edu/> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of phanset Sent: Tuesday, April 02, 2013 1:10 PM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] eduroam and machine authentication Neil, If you want to do machine authentication for local access, the SSID is yours, so treat it like you would treat any other SSID on campus. For machine authentication, I know that University of Tennessee used a lot of AD Group Policies to accomplish Machine Authentication, while maintaining user authentication at the same time (the machine can jojn the network to talk to AD on its own but each user has to authenticate independently to access the functionality of the machine). As Anders mentioned, if you give access to those machines with a REALM, empowering them to travel to other eduroam locations, make sure that someone is responsible for their usage. Best, Philippe www.eduroam.us<http://www.eduroam.us/> On Apr 2, 2013, at 12:18 PM, "Johnson, Neil M" <[email protected]<mailto:[email protected]>> wrote: We are getting requests to do windows machine authentication on our eduroam SSID (just for local machines). Is there anyone else out there doing this ? Thanks. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938<tel:319%20384-0938> Fax: 319 335-2951<tel:319%20335-2951> Mobile: 319 540-2081<tel:319%20540-2081> E-Mail: [email protected]<mailto:[email protected]> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 Mobile: 319 540-2081 E-Mail: [email protected]<mailto:[email protected]> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
