Personally, I'm a big fan of leveraging certificates for wireless authentication. It completely decouples the username and password once you're past the provisioning process, but you can still tie your RADIUS server into AD to reject people with locked out accounts if you want. Machines on a domain can leverage ADCS, but for BYOD devices you'll need to stand up an onboarding system, like SecureW2 or Clearpass.
For setup, we have an open SSID that's dual purposed with guest logins, but also allows access to our onboarding system. This allows users to do it completely self service. Frank Sweetser Director of Network Operations Worcester Polytechnic Institute "For every problem, there is a solution that is simple, elegant, and wrong." - HL Mencken ________________________________ From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> on behalf of Kovich Greg <[email protected]> Sent: Wednesday, November 6, 2019 8:41 AM To: [email protected] <[email protected]> Subject: [EXT] [WIRELESS-LAN] Password reset/change guidance Hello WLAN Community, A customer of ours has been using a captive portal to authenticate students to WiFi (Alcatel-Lucent branded Aruba gear). When a student forgets or does not reset their password there is a link on the CP to accomplish that… unfortunately, there have been problems with the variety of student device browsers, so they are considering a move to 802.1X authentication in the hope that this smooths out the student experience. What best practice advice do you have for students to deal with password changes/resets when they can’t connect to the campus WiFi? Thank you for any guidance you can provide!! Sincerely, Greg ------- Greg Kovich Director, North America Education Sales Alcatel-Lucent Enterprise ALE USA 3015 Abby Lane | Suite 301-B Schererville, IN 46375 t: +1-818-878-4667<tel:+1-818-878-4667> m: +1-219-276-2320<tel:+1-219-276-2320> e: [email protected]<mailto:[email protected]> w: www.al-enterprise.com<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.al-enterprise.com%2Fen&data=02%7C01%7Cfs%40WPI.EDU%7C8910f04de80845c455f408d762c06e2b%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637086450941454521&sdata=YjEk1reDcRF%2BO10mayOUAtPdg2RSRO6uXzfoKqUOFF4%3D&reserved=0> @ALUEnterprise [LinkedIn]<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Falcatellucententerprise&data=02%7C01%7Cfs%40WPI.EDU%7C8910f04de80845c455f408d762c06e2b%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637086450941464515&sdata=tYaHJTdfbwSXhJLi2NSTx40DJ9Ifb0qSNJ2mrWSMF%2Fk%3D&reserved=0> [Twitter] <https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Faluenterprise&data=02%7C01%7Cfs%40WPI.EDU%7C8910f04de80845c455f408d762c06e2b%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637086450941464515&sdata=oQ5rqerUHwLVnHO39ur1IPZE3lYCJLKVC1RTyQ6uZak%3D&reserved=0> [YouTube] <https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fuser%2FEnterpriseALU&data=02%7C01%7Cfs%40WPI.EDU%7C8910f04de80845c455f408d762c06e2b%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637086450941474507&sdata=fW%2By5vokedvuqLC3%2BPfw3NHr4d4bzI3p21wqt%2BDuumY%3D&reserved=0> [Facebook] <https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FALUEnterprise&data=02%7C01%7Cfs%40WPI.EDU%7C8910f04de80845c455f408d762c06e2b%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637086450941474507&sdata=0%2FBr3kES1x6Dk2tZzyfbPMXwpSjVBdJMAzQRPFxxG0M%3D&reserved=0> [Rainbow] <https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fweb.openrainbow.com%2Fapp%2F1.31.7%2Findex.html%23%2Flogin&data=02%7C01%7Cfs%40WPI.EDU%7C8910f04de80845c455f408d762c06e2b%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637086450941484505&sdata=oi63cJai15dS%2F7KjbeuOxLw%2FaWEtRXD3Rpcx1L2e8XA%3D&reserved=0> [https://www.al-enterprise.com/en/-/media/assets/internet/images/logo.png]<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.al-enterprise.com%2Fen&data=02%7C01%7Cfs%40WPI.EDU%7C8910f04de80845c455f408d762c06e2b%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637086450941484505&sdata=rvO3hu1VaUOP64o7n01%2BDYhLaJveQ5Z12FiO197m4ng%3D&reserved=0> The Alcatel-Lucent name and logo are trademarks of Nokia used under license by ALE. This communication is intended to be received only by the individual or entity to whom or to which it is addressed and may contain information that is privileged/confidential or subject to copyright. Any unauthorized use, copying, review or disclosure of this communication is strictly prohibited. If you have received this communication in error, please delete this message from your e-mail box and information system (including all files and documents attached) and notify the sender by reply email. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cfs%40WPI.EDU%7C8910f04de80845c455f408d762c06e2b%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637086450941484505&sdata=8D2rONQYxQko1KlyUYabe%2F3N%2FkdpCk4AY%2BiXrI%2FqZ2Q%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
