Using Generic AD User Account for Authentication on Many Devices

  • Updated 2 years ago
Hoping someone with wireless/Active Directory/RADIUS knowledge can help me. Our main SSID in our schools uses 802.1x/RADIUS authentication for staff (staff can authenticate with their username and password on the wireless network) and students have to have a district-supplied device (iPad, Chromebook or Windows laptop) in order to authenticate. The Windows laptops aren't an issue as they can authenticate based upon the computer name since the Windows laptop is on the Windows domain. The iPads and Chromebooks are a different animal - we use one generic AD user account for all of those devices to authenticate. We presently have approximately 2500 iPads and 9000 Chromebooks throughout the district (25 schools). I haven't been able to find any information stating that an AD user account has any kind of limit as to how many times it can be used concurrently, but with some connection issues that we've specifically experienced this week with the start of school, I'm wondering if there are or could be connection issues with these devices since they all use the same generic user account. We didn't want students to be able to authenticate with their own username and password from AD so that they can't connect their own devices on our network (we have not implemented a BYOD network yet). If anyone has any information or knowledge that they can share on this subject, I would love to hear it.

Rob Pritchard


Posted 2 years ago


Dianne Dunlap

I've never seen that be a problem, though I've not seen generic usernames done with 802.1x. We have folks using generic AD accounts with 'not allowed to change password' for lower grades in the schools, tied to the content filter. If there were such a limit in AD, schools would likely hit it, and I haven't seen that happen. You would want to check NPS logs and/or Aerohive debugs for access-rejects.
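
The NPS log check suggested above, as an added example that is not part of the original thread: it tallies Access-Rejects for the shared account by reason code and RADIUS client, so a cluster on one code or one access point stands out. It assumes NPS accounting is written in the DTS-compliant XML format with one `<Event>` per line carrying `User-Name`, `Client-Friendly-Name`, `Packet-Type` and `Reason-Code`; the account name `student-device`, the AP names and the log records are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

ACCESS_REQUEST, ACCESS_REJECT = "1", "3"  # RADIUS packet type codes

def _record(user, client, ptype, reason):
    """Build one constructed log record (sample data, not a real log)."""
    return ('<Event><Timestamp data_type="4">08/29/2016 08:00:00.000</Timestamp>'
            f'<User-Name data_type="1">{user}</User-Name>'
            f'<Client-Friendly-Name data_type="1">{client}</Client-Friendly-Name>'
            f'<Packet-Type data_type="0">{ptype}</Packet-Type>'
            f'<Reason-Code data_type="0">{reason}</Reason-Code></Event>')

SAMPLE_LOG = "\n".join([
    _record("student-device", "AP-School01", 1, 0),
    _record("student-device", "AP-School01", 3, 16),
    _record("student-device", "AP-School02", 1, 0),
    _record("student-device", "AP-School02", 2, 0),
    _record("student-device", "AP-School01", 1, 0),
    _record("student-device", "AP-School01", 3, 16),
    _record("jsmith", "AP-School01", 1, 0),
    _record("jsmith", "AP-School01", 3, 16),
    '<Event><Timestamp data_type="4">08/29/2016 08:0',  # truncated line
])

def parse_events(text):
    """Yield a dict of element name -> text for each well-formed <Event> line."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("<Event>"):
            continue
        try:
            root = ET.fromstring(line)
        except ET.ParseError:
            continue  # skip a partially written or truncated record
        yield {child.tag: (child.text or "") for child in root}

def summarize_rejects(text, user):
    """Return (request count, Counter of (reason code, client)) for `user`."""
    requests, rejects = 0, Counter()
    for ev in parse_events(text):
        if ev.get("User-Name", "").lower() != user.lower():
            continue
        if ev.get("Packet-Type") == ACCESS_REQUEST:
            requests += 1
        elif ev.get("Packet-Type") == ACCESS_REJECT:
            key = (ev.get("Reason-Code", "?"), ev.get("Client-Friendly-Name", "?"))
            rejects[key] += 1
    return requests, rejects

if __name__ == "__main__":
    print(summarize_rejects(SAMPLE_LOG, "student-device"))
```

The reason codes are reported as logged; look each one up in Microsoft's NPS reason-code documentation to tell credential failures apart from policy or server-side rejections.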