Skip to main content
Question

Disable LAN auto 802.1x

  • May 15, 2013
  • 5 replies
  • 35 views

Forum|alt.badge.img+2

Is there a way to disable the auto checked "Enable Automatic Connection" 802.1x pref for LAN in 10.7/10.8, either through policy or script?

5 replies

Forum|alt.badge.img+18
  • Contributor
  • May 16, 2013

Isn't that an option in the Configuration Profile you used to provision 802.1x? I believe that may be the "AutoJoin" key, but I haven't tested it.


Forum|alt.badge.img+2
  • Author
  • New Contributor
  • May 20, 2013

alexjdale - That is not an option for the LAN connection, ultimately we would like to disable the macs from attempting to authenticate against 802.1x in any way. To expand the information on the problem our network group enabled 802.1x authentication on our switches but we are not ready to utilize the authentication yet.


Forum|alt.badge.img+4
  • Contributor
  • September 11, 2013

bump, running into the same issues when dealing with NAC. The bug in 8.6x has not allowed me to make a configuration profile that will enable "Use Directory Authentication". I contacted support and they stated it was available in casper 9. However, I do not see that setting as an option there either.


Forum|alt.badge.img+4
  • Contributor
  • September 21, 2013

I got around this by using the osx Profile manager from 10.8. Once i had that, I was able to change the xml code to what I needed.

<key>PayloadContent</key> <array> <dict> <key>AuthenticationMethod</key> <string>directory</string> <key>AutoJoin</key> <true/> <key>EAPClientConfiguration</key> <dict> <key>AcceptEAPTypes</key> <array> <integer>25</integer> </array> <key>OneTimeUserPassword</key> <false/> <key>SystemModeCredentialsSource</key> <string>ActiveDirectory</string> <key>TTLSInnerAuthentication</key> <string>MSCHAPv1</string> <key>UserName</key> <string></string> <key>UserPassword</key> <string></string> </dict> <key>EncryptionType</key> <string>Any</string> <key>HIDDEN_NETWORK</key> <false/> <key>Interface</key> <string>FirstActiveEthernet</string> <key>PayloadDisplayName</key> <string>Wired 802.1X</string> <key>PayloadEnabled</key> <true/> <key>PayloadIdentifier</key> <string>com.your.identifier</string> <key>PayloadType</key> <string>com.apple.firstactiveethernet.managed</string> <key>PayloadUUID</key> <string>[GUID-info]</string> <key>PayloadVersion</key> <integer>1</integer> <key>ProxyType</key> <string>None</string> <key>SetupModes</key> <array> <string>System</string> </array>


BCPeteo
Forum|alt.badge.img+11
  • Contributor
  • April 22, 2015

Would also like to disable this on our wired ports. Stems from how our 802.1x network is step up.
I do not see an option to do this in the ethernet network configuration profile. There is no option to turn off 802.1x enable automatic connection (default is on)