I don't think this can be done without clearpass but thought I'd put it out there to you guys and see what I get.
Customer wants an SSID that uses captive portal to authenticate users off of the internal database or Radius (doesn't matter which). Easy right? Well here is the catch, they only want the user to be able to log in with a single device.
Scenario is, they give each user their own unique username and password that will allow them to log on with a single device. After the controller sees that user logged on it would block any other request from that user until they log off the one connected device. This would prevent them from connecting multiple devices (phone, iPad, etc etc) and would stop them from giving there username and password to their buddy so they can share access.
I don't think this can be done with standalone controller without clearpass.... thoughts?