Posted on 06-13-2022 08:52 AM
I was wondering if anyone has seen this issue. I have set up an 802.1x config profile for my Macs. In our office we have two WiFi networks: 1) an 802.1x (certificate-based) network and 2) an open guest network. Our Macs know both networks exist. We modified the preferred networks so that the 802.1x network is at the top of the list. When we reboot a Mac, it connects to the guest network for some reason. When I manually connect to the 802.1x network, it works just fine. When I manually turn off WiFi in the menu bar and turn it back on, it connects to the 802.1x network just fine. As a last test, we turned off AutoJoin on the guest network and rebooted, and it did connect to the 802.1x network. It only seems to be when I reboot my machine that it chooses the guest network over the 802.1x network when both are set to AutoJoin.
P.S. We use Jamf Connect and have FV2 enabled.
Anyone else see this issue?
Posted on 06-13-2022 03:09 PM
From what I read, JAMF Connect does not support this configuration.
"Note: User-level authentication to an 802.1x network (such as EAP-PEAP and EAP-TTLS) is not supported at the macOS login window with Jamf Connect."
https://docs.jamf.com/jamf-connect/2.12.0/documentation/General_Requirements.html
Posted on 06-14-2022 05:47 AM
Sounds like they have EAP-TLS which is compatible.
Posted on 06-14-2022 05:45 AM
I'm having similar issues with getting computers to join our 802.1x network. Did you set the preferred network programmatically?
Posted on 06-14-2022 08:07 AM
Yes, I have a script that runs daily to move the 802.1x network to the top of the preferred network list.
Posted on 06-14-2022 08:33 AM
How are you doing it? I've read removing the preferred network then adding again at index 0 will break 802.1x.
Thanks
Posted on 06-14-2022 08:45 AM
Oh very interesting. I am using this simple script:
networksetup -removepreferredwirelessnetwork en0 "Wifi Name"
networksetup -addpreferredwirelessnetworkatindex en0 "Wifi Name" 0 WPA2E
Posted on 06-14-2022 12:49 PM
I tried this and it did move the SSID to the top of the list but trying to join the network unfortunately resulted in the certificate selection prompt instead of smoothly joining the network.
Are you able to remove the guest network completely as suggested by @Qwheel ?
06-14-2022 08:08 AM - edited 06-14-2022 08:09 AM
Posted on 06-14-2022 06:25 AM
In our environment, if someone connects to our guest network once on a device, it'll remember it thereafter and always pop up the guest prompts even if on LAN. As if the guest network takes precedence. Everyone should be using the main WiFi access point if they have credentials.
I run this script weekly to clear up any devices getting the annoying guest Wi-Fi prompts because they clicked the wrong access point.
#!/bin/bash
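# Take the first 7 characters of the model identifier (e.g. "MacBook" from "MacBookPro16,1").
# Splitting on ": " avoids depending on the column position of the value.
IS_LAPTOP=$(system_profiler SPHardwareDataType | awk -F': ' '/Model Identifier/ {print substr($2, 1, 7)}')
var="MacBook"
echo "Model identifier: $IS_LAPTOP"
# Quote both sides so an empty result does not break the test.
if [ "$IS_LAPTOP" = "$var" ]; then
    echo "Is a MacBook"
    # Laptops: Wi-Fi is on en0
    sudo networksetup -removepreferredwirelessnetwork en0 "Access Point Title"
else
    echo "Is not a MacBook"
    # Other Macs: Wi-Fi is on en1
    sudo networksetup -removepreferredwirelessnetwork en1 "Access Point Title"
fi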
exit 0
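A read-only way to check the stored preferred order of the two SSIDs discussed in this thread, without the remove/re-add step that changes the list. This is an added example, not a script from any poster in the thread; the SSID names and the en0 interface are placeholder assumptions.

```shell
#!/bin/bash
# Read-only audit of the Wi-Fi preferred-network order (added example).
# SSID names and the interface below are placeholders, not values from the thread.
SECURE_SSID="Corp-8021X"
GUEST_SSID="Corp-Guest"
WIFI_IF="en0"

# Reads `networksetup -listpreferredwirelessnetworks` output on stdin and
# prints the 0-based rank of SSID $1, or -1 if it is not listed.
ssid_index() {
    awk -v want="$1" '
        NR == 1 { next }    # skip header line "Preferred networks on en0:"
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        ($0 "") == (want "") { print NR - 2; found = 1; exit }
        END { if (!found) print -1 }
    '
}

# $1 = full listing text. Returns 0 if the 802.1X SSID outranks the guest SSID
# (or the guest SSID is absent), 1 if the guest SSID ranks first, 2 if the
# 802.1X SSID is missing from the list.
check_order() {
    secure_rank=$(printf '%s\n' "$1" | ssid_index "$SECURE_SSID")
    guest_rank=$(printf '%s\n' "$1" | ssid_index "$GUEST_SSID")
    [ "$secure_rank" -ge 0 ] || return 2
    if [ "$guest_rank" -ge 0 ] && [ "$guest_rank" -lt "$secure_rank" ]; then
        return 1
    fi
    return 0
}

# Only query the live list on macOS; nothing is modified.
if command -v networksetup >/dev/null 2>&1; then
    current=$(networksetup -listpreferredwirelessnetworks "$WIFI_IF" 2>/dev/null) || current=""
    rc=0
    check_order "$current" || rc=$?
    case $rc in
        0) echo "OK: $SECURE_SSID outranks $GUEST_SSID" ;;
        1) echo "WARN: open network $GUEST_SSID is ranked above $SECURE_SSID" ;;
        2) echo "WARN: $SECURE_SSID is not in the preferred list" ;;
    esac
fi
```

Run from a management policy, the WARN lines identify machines where the open guest SSID is stored ahead of the certificate-based one, so they can be reviewed before anything in the list is changed.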