[Casper] Wireless authentication & Active Directory logins

[Slutzky, Benjamin]

Hi,
We have several mobile shared iBook and MacBook carts in our campus¹s
wireless network, and all students and faculty use Active Directory
accounts. We¹re implementing the ³Golden Triangle² setup of having Mac
clients authenticate users with the Active Directory and pull preferences
from the Open Directory server (our Xserve which also hosts Casper).

In the past, our wireless network had been unencrypted. In a couple of
weeks, we¹ll be encrypting the 802.1x wireless network, and wireless clients
will be required to authenticate with a Active Directory username/password
(via LDAP using Microsoft IAS as a RADIUS server) to gain network access. In
theory, after starting up a school laptop, a user would first somehow have
to authenticate to the wireless network with AD credentials, and then they
would be able to login to the computer with AD credentials. (They¹d need a
network connection to login to the Mac with their AD credentials so it could
contact the RADIUS server, so they¹d need to authenticate for wireless
first.)

Does anyone have a similar setup or have knowledge in the subject? If so,
what kinds of issues have you experiences with such a setup?

We¹d appreciate any thoughts.

Ben Slutzky
Manlius-Pebble Hill School