802.1x - ADCS and no AD/Scep

jameson
Contributor II

Does anyone has setup 802.1x Wifi on Mac Not bound to AD ?
I can find a lof of info, but all with AD bind or using Scep (which we are not using)

We have set up ADCS and are getting a User certificate on the mac through that, so 802.1x should be possible to setup.

I have tried using the network payload and using the TLS that are using, but not yet succeeded. Anyone with some knowledge or good tutorial somewhere ?

6 REPLIES 6

tthurman
Contributor III

We use jamf's ADCS Connector and have it configured in the same profile as the Wireless SSID for 802.1x.

As long as your Wireless is set up properly, it should work fine.

jameson
Contributor II

@tthurman For authentication do you use one certificate that is installed on every Mac ?(as this is not what I try). From our ADCS each Mac receive has a User certificate that matches the AD record, so each Mac certificate is different and I struggle to see away this can be setup in the network payload

ajassi
New Contributor II

@jameson did you get this working? I have managed to do so using unbound Macs and using Windows Server NPS role, happy to field any questions.

elliots
New Contributor III

Hi ajassi,

I'm in the process of getting ADCS and NPS working for Machine based cert auth but we are having some challenges getting the NPS configured. I'm just a bit stuck getting an NPS policy configuration working with the Cert. Would you be open to sharing your NPS policy? Do you use vlans ? we also want to ensure  specific groups of macs go into specific VLANs (Staff/Student etc) 

 

Thanks in Advance,

 

Elliot

noahdowd
Contributor

Last I heard ADCS didn't work for user certs. I use the AD Certificate payload in the same profile as the Network payload and it gets people connected. There are always support tickets for folks who let them expire though since they don't auto-renew.

aarron_tilley
New Contributor II

@tthurman we are attempting to do a very similar setup but running into some issues. Any chance you could show what your wireless profile looks like as we think its just a setting issue we are running into with how the profile wants the information presented.