Hi Greg,

I’m assuming your customer is using an open network with captive-portal -  
what’s the “life time” of those passwords? I’m a bit surprised to hear about 
“smoothing” the process from going from a captive-portal network to an 802.1x 
Network (there are definitely a few ideas that come to mind where that could 
definitely be the case) – but password/change issues occur even with 802.1x 
PEAP-MSCHAPv2 clients – which results in “unhelpful” – “Can’t Connect to the 
Network” -> Windows 10 Error Message – or “Can’t Connect to Network / Try 
Moving Closer to the Router” on Mac OS X.

We’re actually starting to move forward with EAP-TLS certificate authentication 
with SecureW2 onboarding within the next year. I do have some more thoughts 
I’ll share later, but am curious about that current setup.

Christopher Johnson
Wireless Network Engineer
AT Infrastructure Operations & Networking (ION)
Illinois State University
(309) 438-8444
Stay connected with ISU IT news and tips with @ISU IT Help on 
Facebook<https://www.facebook.com/ISUITHelp/> and 
Twitter<https://twitter.com/ISUITHelp>

From: The EDUCAUSE Wireless Issues Community Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> On Behalf Of Coehoorn, Joel
Sent: Wednesday, November 06, 2019 12:27 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] [WIRELESS-LAN] Password reset/change guidance

I'd love to "stand up an onboarding system", but so far the cost has been far 
too much for us relative to the user experience.

The UX hasn't been there because the better options want to use SMS and 2 of 
the top 5 cellular carriers have poor coverage on our campus. We can help 
students and employees work past that, but it makes us unwelcoming to too many 
guests.

With this limitation, I don't see anything better than 1x at the moment.

On Wed, Nov 6, 2019, 12:04 PM Sweetser, Frank E. <f...@wpi.edu> wrote:
Personally, I'm a big fan of leveraging certificates for wireless 
authentication.  It completely decouples the username and password once you're 
past the provisioning process, but you can still tie your RADIUS server into AD 
to reject people with locked out accounts if you want.  Machines on a domain 
can leverage ADCS, but for BYOD devices you'll need to stand up an onboarding 
system, like SecureW2 or Clearpass.

For setup, we have an open SSID that's dual purposed with guest logins, but 
also allows access to our onboarding system.  This allows users to do it 
completely self service.

Frank Sweetser
Director of Network Operations
Worcester Polytechnic Institute
"For every problem, there is a solution that is simple, elegant, and wrong." - 
HL Mencken
________________________________
From: The EDUCAUSE Wireless Issues Community Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Kovich Greg 
<greg.kov...@al-enterprise.com>
Sent: Wednesday, November 6, 2019 8:41 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [EXT] [WIRELESS-LAN] Password reset/change guidance

Hello WLAN Community,

A customer of ours has been using a captive portal to authenticate students to 
WiFi (Alcatel-Lucent branded Aruba gear).
When a student forgets or does not reset their password there is a link on the 
CP to accomplish that… unfortunately, there have been problems with the variety 
of student device browsers, so they are considering a move to 802.1X 
authentication in the hope that this smooths out the student experience.

What best practice advice do you have for students to deal with password 
changes/resets when they can’t connect to the campus WiFi?

Thank you for any guidance you can provide!!
Sincerely,
Greg

-------

Greg Kovich
Director, North America Education Sales
Alcatel-Lucent Enterprise
ALE USA
3015 Abby Lane | Suite 301-B
Schererville, IN 46375
t:  +1-818-878-4667     m:  +1-219-276-2320
e:  greg.kov...@al-enterprise.com    w:  www.al-enterprise.com
@ALUEnterprise



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community
