Skip to main content
Question

Configuration Profile: Network Payload - Use Directory Authentication?


Forum|alt.badge.img+8

In short, what is "Use Directory Authentication"?

We're building login screen network profiles and were wondering what the "Use Directory Authentication" piece uses. To see what I'm asking about, open your JSS navigate to a computer level Configuration Profile, and select Network Payloads, then choose WPA 2 Enterprise, followed by PEAP, there is an option for "Use Directory Authentication". We do use active directory to authenticate this network that will be connected to, but where does JAMF pull the "Directory Authentication" piece (ie: where do we set it)? When you check the "Use Directory Authentication" box, it fills the username/password fields with [set by directory].

5 replies

Forum|alt.badge.img+24
  • Honored Contributor
  • 341 replies
  • July 10, 2013

This means that when a user enters their username and password to login to the machine, it will contact the domain to verify authentication. Meaning, you won't have to add each potential user to the system as local accounts.


Forum|alt.badge.img+8
  • Author
  • Contributor
  • 36 replies
  • July 10, 2013

You could be correct, but if that is the case, how would that allow for "Use as login window configuration" meaning it would be connected to the wifi while sitting at the login screen, thus nobody would have input credentials for it to be using.


antoinekinch11
Forum|alt.badge.img+9

There is a bug that does not let this checkbox apply when checked. When will this be fixed? I am trying to setup 802.1X Wired Ethernet through config profiles and after I check this I go back after I hit save and it is not there!


Forum|alt.badge.img+4
  • Contributor
  • 13 replies
  • September 10, 2013

I can confirm that is happening in my environment as well @ 8.64. Can someone just put up the xml hard code so we can edit the xml that way? Instead of trying to get the gui method working properly?


Forum|alt.badge.img+4
  • Contributor
  • 13 replies
  • September 21, 2013

I got around this by using the osx Profile manager from 10.8. Once i had that, I was able to change the xml code to what I needed.

<key>PayloadContent</key> <array> <dict> <key>AuthenticationMethod</key> <string>directory</string> <key>AutoJoin</key> <true/> <key>EAPClientConfiguration</key> <dict> <key>AcceptEAPTypes</key> <array> <integer>25</integer> </array> <key>OneTimeUserPassword</key> <false/> <key>SystemModeCredentialsSource</key> <string>ActiveDirectory</string> <key>TTLSInnerAuthentication</key> <string>MSCHAPv1</string> <key>UserName</key> <string></string> <key>UserPassword</key> <string></string> </dict> <key>EncryptionType</key> <string>Any</string> <key>HIDDEN_NETWORK</key> <false/> <key>Interface</key> <string>FirstActiveEthernet</string> <key>PayloadDisplayName</key> <string>Wired 802.1X</string> <key>PayloadEnabled</key> <true/> <key>PayloadIdentifier</key> <string>com.your.identifier</string> <key>PayloadType</key> <string>com.apple.firstactiveethernet.managed</string> <key>PayloadUUID</key> <string>[GUID-info]</string> <key>PayloadVersion</key> <integer>1</integer> <key>ProxyType</key> <string>None</string> <key>SetupModes</key> <array> <string>System</string> </array>


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings