
So, odd use case I know, but here's my dilemma:



Our privileged wifi is allowed via certificates that are installed via configuration profile, and they authenticate based on the machine being bound to AD. Sometimes, our users take their laptops offsite for periods of time, during which their AD password changes. The next time the machine touches our network, it breaks the privileged wifi and puts the laptop on our general network.



The solution has been to delete the wifi profile, delete the keychain entry that our general wifi installs in the login keychain, and then reinstall the wifi profile.



I'd love to come up with a solution that a user can do from Self Service, but the issue becomes: how do I get the wifi certificate back on the machine if it doesn't have internet?



Would it be possible to use Composer to create a package that "installed" the wifi profile, cache it, and then create the Self Service profile that uninstalls the current profile, deletes the single keychain entry, and then installs the cached "package" which will reinstall the profile?

Hmm, I actually don't know with any degree of certainty if a bad or poor APNs connection would be removing profiles. I suppose it's possible, but I haven't seen anything like that happen to us in quite some time now.



But, if you're determined to go this route for now, I would suggest taking another look at the script I posted above on my GitHub page (found here), which has the necessary code to install User Level profiles as the current user. The relevant code starts on line 167. You'll see that I'm getting the logged in user and the logged in UID, and then on line 174, it installs the profile as the user. You could try to incorporate what I have there into your own script.
Unlike System Level profiles, User Level profiles get installed to an account, not globally like System profiles.


Thanks again. I don't want to go this route, but support keeps getting tickets that the user loses O365, so I am hoping to have this available in Self Service for them. Just in case. I will be opening a ticket with Jamf support as well to discuss it. Maybe they can find the issue.




FYI, they removed the ability to install a profile with the command line profile command in OS X 11.0.



"profiles tool no longer supports installs. Use System Preferences Profiles to add configuration profiles."



See here:
https://www.alansiu.net/2021/01/06/semi-automating-profile-installation-in-big-sur/



So the method above won't work. I am happy that other people find the configuration wireless profile to be buggy as well. My Macs are all losing their profile randomly, sadly, so I was looking for alternative methods to connect them up. I guess this won't be it. The open command referenced in the article does not do what I wanted.



I think we will move towards a certificate-based install anyway and away from PSK. I don't suppose someone has a guide on that? Well, I am going to look around and research it now.

