Wireless authentication & Active Directory logins

We have several mobile shared iBook and MacBook carts in our campus's
wireless network, and all students and faculty use Active Directory
accounts. We're implementing the 'Golden Triangle' setup of having Mac
clients authenticate users with the Active Directory and pull preferences
from the Open Directory server (our Xserve which also hosts Casper).

In the past, our wireless network had been unencrypted. In a couple of
weeks, we'll be encrypting the 802.1x wireless network, and wireless clients
will be required to authenticate with an Active Directory username/password
(via LDAP using Microsoft IAS as a RADIUS server) to gain network access. In
theory, after starting up a school laptop, a user would first somehow have
to authenticate to the wireless network with AD credentials, and then they
would be able to log in to the computer with AD credentials. (They'd need a
network connection to log in to the Mac with their AD credentials so it could
contact the RADIUS server, so they'd need to authenticate for wireless

Does anyone have a similar setup or have knowledge in the subject? If so,
what kinds of issues have you experienced with such a setup?

We'd appreciate any thoughts.

Ben Slutzky
Manlius-Pebble Hill School