10.8 Wireless Authentication issue

kschlatter
New Contributor

We have a 10.8 image that is encrypted with FileVault 2 and are using a configuration profile to set up the wireless with the Use as a Login Window configuration option. When I boot the machine with a wired network connection and the airport turned on, it connects to the wireless with no problem. If I log off and back on after that with no wired connection, the wireless connects fine, drives map, etc. We run into a problem when we reboot (or cold boot) with no wired connection. I enter the user password at the FileVault boot screen and then the machine boots and logs in with SSO. At this point it cannot connect to the wireless and gives a self-assigned IP. Logging off and back on has no effect. Turning the airport off and on has no effect. However, if I plug the network cable in, the wireless connects with a valid IP after a few seconds and continues to work fine. My next tests are imaging a machine, using the same wireless profile, but no FileVault to see if the problem persists. Does anyone have any other thoughts or has anyone else run into this issue?

6 REPLIES

kschlatter
New Contributor

UPDATE - Newly imaged machine with 10.8, but no filevault shows the same symptoms. I can log in and the wireless will connect with my configuration profile and AD credentials when there is a wired connection. At that point, I can pull the wired connection and log off and back on and the wireless connects in a few seconds. If I reboot with no network cable and log in, the wireless fails to connect and gives a self-assigned IP.

ernstcs
Contributor III

Specifically 10.8, or are you using 10.8.1? I'll test some more, too, but I haven't seen it. I was trying to recall my order though and if I rebooted with the hard line pulled at least once. Naturally it would be there after imaging since I image over the wire.

kschlatter
New Contributor

I don't have the detailed testing from 10.8.1 as we rolled back to 10.8.0 to ensure that it wasn't caused by the update. We were seeing wireless issues with 10.8.1 as well.

ernstcs
Contributor III

Well, if I'm understanding correctly 10.8.1 might solve part of your problems. I don't use Filevault...yet.

I have an iMac running 10.8.1 bound to AD and wired, and it also has a configuration profile for wireless. If I unplug the wired network I can still login fine with a new AD user at the login screen. If I reboot the computer with no wired network a different AD user who has never logged in can also get in fine. Am I testing this correctly to help you?

However, from what I am seeing I can also confirm for some is the damn setting for create a mobile profile without asking isn't sticking when you bind, even by hand. I know that I set it when I bound, but I was getting prompted to create mobile profiles for every new user. I'll have to try that with the latest beta build and report another bug perhaps.

tkimpton
Valued Contributor II

Sorry, this is slightly off topic, but I wanted to share some info on the APIPA problem.

FYI the Wifi Self signed address problem is not new. This has been a problem for quite some time and Apple still hasn't fixed it.

The problem is with cached DNS. If you are on network 1 and then change to network 2, you will find your Wi-Fi network service still keeps the DNS settings of network 1, and you can actually see it on the DNS tab!

This is the reason you hear people just say turn airport or wifi off and on again.

What I do is have a launch daemon with a watch path to the system configuration and a script to do the following:

* Clear the DNS settings for airport by setting DNS to "empty"

* Turn on airport if Ethernet is disconnected and vice versa

* If airport has APIPA then turn off airport and turn it on again

* Mount the network shares

* If the user tries to connect to some specified SSID that we have for other purposes then airport will turn off and back on again. This has been amusing as someone found out an external network password but still couldn't connect anyway and kept connecting back to the corporate wifi :)

Just need to get it to also work for 10.8 now as well as 10.6. My main problem is Apple changed airport to wi-fi grrrrrrrr

Not to fear because thanks to Ben Toms for giving me ideas to look for both network services and use that as a variable in the script :)
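The DNS reset and self-assigned-address steps listed in the post above, as an added example that is not the poster's script or part of the original thread. Function names are hypothetical, the share-mounting and SSID steps are left out, and it assumes the form of `networksetup -setairportpower` that takes a device name such as en1.

```shell
#!/bin/bash
# Added example: meant to be run by a LaunchDaemon that watches the system
# configuration, as the post describes (the plist itself is not shown).

# Read `networksetup -listallnetworkservices` output on stdin and print the
# wireless service name: "AirPort" on older systems, "Wi-Fi" after the rename.
# A leading "*" marks a disabled service and is stripped.
wifi_service_name() {
    grep -E -x -m1 '\*?(Wi-Fi|AirPort)' | sed 's/^\*//'
}

# Read `networksetup -listallhardwareports` output on stdin and print the
# BSD device (for example en1) that belongs to the service named in $1.
wifi_device() {
    awk -v svc="$1" '$0 == ("Hardware Port: " svc) { hit = 1; next }
                     hit && /^Device: / { print $2; exit }'
}

# Succeeds when the address is link-local (APIPA, 169.254.0.0/16).
is_self_assigned() {
    case "$1" in
        169.254.*) return 0 ;;
        *)         return 1 ;;
    esac
}

remediate() {
    svc=$(networksetup -listallnetworkservices | wifi_service_name)
    [ -n "$svc" ] || return 1
    dev=$(networksetup -listallhardwareports | wifi_device "$svc")
    [ -n "$dev" ] || return 1

    # Drop DNS servers carried over from the previous network.
    networksetup -setdnsservers "$svc" empty

    # Bounce the radio only when the interface fell back to a 169.254.x.x address.
    ip=$(ipconfig getifaddr "$dev")
    if is_self_assigned "$ip"; then
        networksetup -setairportpower "$dev" off
        sleep 2
        networksetup -setairportpower "$dev" on
    fi
}

# Act only where networksetup exists (a Mac); elsewhere nothing is changed.
if command -v networksetup >/dev/null 2>&1; then
    remediate
fi
```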

kschlatter
New Contributor

@ernstcs - I did some more testing Friday and over the weekend. I have a 10.8.0 machine without Filevault and I am seeing the same issue. I tried to clean up the steps here:

• Apply wireless configuration profile to AD connected MacBook Pro
• Boot with wired connection to production network and airport turned on.
• Log on with domain account, wired and wireless both connect and have valid IP addresses assigned.
• Disconnect network cable (wireless stays connected) and log off.
• Log back on with same domain account and wireless connects in a few seconds.
• Reboot with network cable still disconnected.
• Log on with domain account and wireless fails to connect showing a self-assigned IP. User account does not lock out on the domain so it doesn't appear to be passing bad credentials for wireless.
• Connect network cable and wireless connects a few seconds after the wired connection.

I'll try an update to 10.8.1 to see if that makes any difference. I haven't tried logging in with a different AD user as that doesn't fit our scenario, but can definitely try for the fun of it. I haven't seen an issue with the mobile profile, but will keep my eyes out. Generally our machines are set up for one person and no one else would typically log on to it.

@tkimpton - Our production wireless which is what I am trying to connect to uses the same DNS servers as our wired production network. It is on a different subnet. I wouldn't expect the DNS settings to cause a problem if they are the same, but I'll take a look today during testing and see what I find.

Thanks for the help so far!