10.10.4 has been released, but the 802.1x wifi behaviour is still faulty. If a profile is installed with a wifi payload with "Use as Login Window configuration" ticked, the wifi will connect on login, but it does not reconnect after waking from sleep.
Looks like we will have to wait for 10.11 to be released if we want reliable 802.1x connectivity.
Yep, 10.11 it is. Sorry folks the park's closed ... impact data not sufficient to warrant a fix in Yosemite OS.
Use computer auth as workaround ...
I'm still having the reconnect after sleep issue on the latest 10.11 beta. Initial connection works perfectly but after a wake the client machine just shows continuous attempts to authenticate but the AP and ACS logs show no attempts are actually getting through.
Cisco network running 802.1x PEAP and using a Login Window profile.
@tomt
I'm just getting around to testing what I believe to be the latest (15A216G). I'm using a JSS generated config profile (what we have working reliably with 10.9.5) and successfully reconnecting to WiFi after sleep. Are you sure you are using the latest 10.11 beta build? I was having some poor luck yesterday, but wasn't on the latest (and I think Apple regressed for a bit). We are also Cisco/PEAP and the aforementioned config profile is using Login Window (alone, no Computer/Dir Auth added).
Edit:
I do experience some "misses" when iterating through accounts where it drops user in to cached account. However, when successfully grabbing wireless on login, reconnecting to WiFi after sleep has been reliable with build 15A216G.
I still seem to have better login reliability with Profile Manager profile than JSS generated using 10.11 (reconnect to WiFi after sleep aside).
@CGundersen I'm running 15A178W that I built two days ago. I'll see if there is a newer one available for my test system (13" Retina MBP). If so I'll try that and post the results.
Thanks
@tomt
I believe that build (15A178W) was troublesome for me as well. Look forward to hearing your results.
Updated to 15A216G and it immediately connected with the PEAP network. Put it to sleep for 10 minutes and it reconnected on wake. Put it to sleep again for roughly half an hour (or a bit longer) and it reconnected happily.
Now we just need someone to reverse engineer the fix so I can get Yosemite to actually work. :-)
I've updated to 15A216G too and tested our wifi profile (configured with use as a loginwindow configuration). Wifi connects on login and also after waking from sleep, so its still looking good! Pretty sure there is no hope for Yosemite though.
It was quite a surprise to see a beta for 10.10.5 drop today. Unfortunately there is no change in the "wifi reconnecting after waking from sleep" behaviour.
I see in the 9.73 release notes this defect that is fixed. D-008688 - Did Jamf fix Apple's problem? Interested in testing soon.
http://resources.jamfsoftware.com/documents/products/documentation/Casper-Suite-9.73-Release-Notes.pdf
I just installed 9.73 and we had the problem here at the school I work at. I repushed the Configuration Profile. I'll report back if we seem to continue running into the problem.
I upgraded the JSS to 9.73, edited and saved our wireless profile, removed and re-added the profile on a laptop running 10.10.5 but it still doesn't connect to the wireless after waking from sleep.
After a full day and some change I almost feel like the problem is worse now post 9.73 :(
Why's Apple gotta break wifi every other major revision of the system 10.7 was great, 10.8 not so great, 10.9 great, 10.10 been not so great.
Anyone found a solution for this yet? :(
One idea on a workaround is to use crankd to detect an wake or network event and reconnect to the wireless, it’s part of the PyMacAdmin set of tools <https://github.com/nigelkersten/pymacadmin>. We are doing something similar on another project for a kiosk that we might be able to use on this issue.
I will post if we come up with anything useful.
I just switched to a Radius-as-a-Service company. The wireless network that used to work fine with WPA2-Personal now uses WPA2-Enterprise and authenticates fine, but I'm now experiencing the same kind of dropouts when waking from sleep that others in this thread have mentioned.
I just installed OSX 10.11.1, which came out yesterday, but I don't know yet if this made a difference. I'm still gathering data.
This is not a problem I was expecting when switching to Radius.
Have you tried modifying the sleep behavior of the computer?
IE:
Policy on enrollment complete
process pmset -c sleep 0 displaysleep 180 disksleep 180 womp 1 networkoversleep 0
I've been fooling around with 10.11.1 and things seem much better. I don't have enough data yet to say things are fixed but it's looking good.
Jon
Hi,
Was any fix for this problem ever identified? We have an 802.1x WPA2 Enterprise wireless network with Windows Server 2012 RADIUS server and Wi-Fi auto-login pushed to the login screen of our Macbooks by Casper configuration profile, exactly as described above, and are seeing the same issues.
We have had reports of the issue happening after waking from sleep and during use so not 100% sure of the trigger. Also worth noting that our Macbooks lock when put to sleep, so the password has to be entered.
The problem only happens on 802.1x with these laptops - staff's own Macbooks are fine; iPads are fine, mobile phones of all kinds, etc.
Macbooks are 10.11.6 El Capitan.
I've done a small testing sample with 10.12.1 Sierra, but haven't been able to reproduce. Interestingly the prototype doesn't lock the screen when it goes to sleep.
Regards,
Robert
Hi,
I have been doing further research on our RADIUS server and observed that on a small number of occasions our laptops send machine credentials rather than user credentials - these authentication requests are rejected, as the computer objects are not permitted to authenticate based on any policy we have. I have a theory that this might be causing the issues we are seeing and plan to implement a work-around policy to permit the Domain Computer credentials to test the theory out.
This isn't an ideal solution though, as we have different SSIDs for different groups of users and such a solution could accidentally allow the wrong user onto the wrong SSID. Does anyone have any idea why the Macbooks would be doing this?
Regards,
Robert
@kidtrebor I am running into this as well, but using Cisco for 802.1x instead of Windows. In my scenario, you would have to click on the network you want to join. Worked ok in Yosemite. Testing with Sierra now, ill report if I find anything useful.
@jrserapio - not quite sure what you mean by having to click on the network - that's from the desktop or the login screen? If the latter that's also what we're doing. Suppose this could be an incompatibility/issue between Casper and Windows Server?
Regards,
Robert
Hi all some of you had experience with macOS 10.14.4 regarding this subject ?
@bdelamarche Yes, but with ethernet 802.1x not Wifi.
