EAP-TLS (Wired or Wireless) Prompting for Admin Account When Connecting

Question

Hi all,

We are moving to EAP-TLS on wireless and wired, but because the workstations unique certificate and the rest of the chain is in the System Keychain, an admin prompt is popping up when connecting.  I am pushing the certs out using the &#034;AD Certificate&#034; Configuration Profile which pulls the certificate from an Active Directory Certificate Server.  SCEP is not an option.  Is there any way to use machine level authentication with EAP-TLS for non admin users?  This is a big show stopper for us since not all our Mac users are admins.

michaelhusar · Answer

We use EAP-TLS just for Wifi:I have a Profile to distribute the Wifi settings: It holds 3 certs to cover the whole chain (wifi-cert, access-point - cert, CA-cert). Network-payload: &#034;protocols&#034;: EAP-Type: TLS is checked, no username, identity cert is set to the wifi-cert; under &#034;trust&#034; the access-point and the CA-cert are listed and checked; under cert-names the wifi-cert-name and the access-point-cert-name are enteredMaybe check also your wifi-identity-cert: since it is secured with a password (pkcs12) it &#034;looks&#034; different than the other certs: &#034;No information can be displayed&#034;

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded