802.1x and Yosemite Upgrade

xDunes
New Contributor

I was just curious if by chance anyone has seen or heard anything regarding in-place upgrades and 802.1x wireless connectivity. We’ve come across an issue where, during the upgrade, the wireless seems to partially break.

If we image a computer to Yosemite and load configuration profiles for wireless, there are no issues and everything works.
If we upgrade from Mavericks to Yosemite, every time the computer tries to connect to wireless we get a pop-up for computer authentication.

Reloading configuration profiles doesn’t work. After reading install.log, it seems the installer changes the computer name to Macbook-pro.local and then changes it to Macbook-Pro.our.domain.local and, after it finishes the install, changes it back to serialnumber.our.domain.local. I think this part is what breaks the authentication for 802.1x. If we disjoin the domain, then run the upgrade, and then rejoin the domain, the issue does not appear.

If disjoining and rejoining Active Directory is the only way to automate an in-place upgrade, is there Casper functionality we can leverage to disjoin the domain prior to the upgrade? I would really like to avoid putting AD account credentials in a script for security reasons.

Any thoughts on this would be greatly appreciated.

Thank you.

4 REPLIES

AVmcclint
Honored Contributor

I've done about a dozen in-place upgrades from 10.9.5 to 10.10.4 so far and none of them have experienced the problem you describe. We're bound to AD and our 802.1x profiles are based on computer certs issued by our own CA. I haven't seen any signs of the computer name being changed at any point in the upgrade. What method are you using to do the upgrades?

xDunes
New Contributor

I only noticed the name change when reading through install.log after the upgrade. I've even tried the upgrade straight from the App Store with the same behavior, so I'm sure it's not the way we're packaging the upgrade.

xDunes
New Contributor

Well, I came to the realization that disjoining and rejoining the domain is not really an option, since users won't have network access because we have 802.1x on the wired and wireless networks.

After more troubleshooting, we noticed that if we paste the computer name/computer password pulled from the keychain, the computer authenticates to the wireless, but the moment we disconnect and try to reconnect we get the pop-up again. Reloading the configuration profiles also doesn't seem to change anything. It appears that post-upgrade the mechanism that passes the computer name/computer password to 802.1x is not sending correct information.