Networking, Wireless, Multi-user Wireless Device Access and IllinoisNet (Operator Accounts)
This page contains information on accessing IllinoisNet with multi-user devices that (for technical reasons) cannot be connected to an Active Directory in the normal way, such as tablets, robots and special-purpose hardware.
Campus units may now obtain authorization to connect to IllinoisNet Wireless SSID with multi-user devices such as shared tablets, robots, and wall kiosks when those devices are unable to join an Active Directory in the traditional way.
NOTE: This service is not designed to replace short-term guest accounts or long term guest accounts (one month or more), or in place of having a user login with their own NetID on single-user devices.
A unit wishing to use this service will need:
- One or more people with the ability to create user accounts in the UofI Active Directory (AD)
- A security group in the UofI AD named <unit>-devices
- A completed device access form needs to be turned into Technology Services (scan signed copy to firstname.lastname@example.org or return to DCL 2120)
Once Technology Services has the form on file, the security group requested will be added to the area of the UofIAD that specifies what accounts can login to the IllinoisNet Wireless SSID.
- The unit will be responsible for creating a user account (not a machine account) for each device they want to connect to wireless using this service.
- The unit is responsible for meeting all campus guidelines on password complexity and longevity for these accounts.
- The unit must follow the campus' , including knowing who is using the device at any time for general access devices.
- Special purpose devices such as robots and kiosks need to be implemented in such a way as to preclude users from getting access to general network applications such as web and email.
The format of the usernames placed into the UofI AD security group is very strict in order to provide a reasonable assurance that the device using the account is the one it was created for. The accounts need to be named in the format device-1234ab5678cd, where the string of numbers and letters behind "device-" is the MAC address of the device with the letters in lower case. The authentication will check both the username/password combination and compare the MAC address of the connecting device to the MAC address in the username.