We've recently installed a Clearpass system on a college campus and are setup to do dot1x authentication for students.
But we're receiving a lot of negative feedback about the complexity of configuring Windows clients.
Is there an easy (or easier) way to do this? What are other schools doing?
Thanks,
Tony
Hi Victor:
Currently I'm running EAP-PEAP and authenticating via AD.
The user's group membership (staff vs. student) and type of device (AD member / non-AD member) determines what VLAN and profile they get.
Can quick connect be used in this environment? How would it work from the user's standpoint?
>>> Also, these complexities go away with Windows 8.
Oh really? That's good to know.
Are the Win 8 defaults conducive to this setup, or is it employing any smart logic?
Thanks
The "issue" with Windows 7 and earlier is that it tries to machine authenticate first, which is actually normal behavior in a corporate owned device environment. It also attempts to use Windows credentials by default. The other piece is the server certificate dialog box is not well worded so often people click terminate instead of Connect.In Win 8, user authentication is attempted first and the "use Windows account" option is not enabled by default. They've also cleaned up the server verification box to make it clear to the end user.It sounds like QuickConnect would be perfect for your environment. Onboard is overkill for students in a university environment but is perfect for faculty/staff personal devices.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.