We are setting up a pilot at present which is one ruckus zone director centrally in a DMZ with a smoothwall proxy filter. The APs are tunneled back to the DMZ from half a dozen schools. The zone director is authenticating against AD and the smoothwall has a non-transparent proxy authentication off. All wireless traffic will be restricted to the DMZ and internet and will not touch the local network.
Our intention for the pilot is to use our own kit with IE configured to use the proxy filter. I couldn't get the captive portal to work everytime so have set the captive portal page as the home page in the browser. This works reasonably well for the pilot although we will need to look at a more flexible solution for personal clients etc.
There is a problem however with the authentication. When a wireless client logs of or even shuts down, restarting the client a few minutes later will give access under the previous user's login details. I have not tried a longer pause but would have expected the authentication to be dropped when the client was no longer connected.