Help

802.1x authentication with AD accounts

cddwyer
Contributor

Posted on β€Ž07-24-2017 06:28 AM

Hi there,

I have a set of Macs that connect to ethernet with 802.1x with certificates but always shows 'network accounts not available' at the logon screen. I need to logon to an AD mobile account that isn't cached. When at the logon screen it would seem that the ethernet disconnects and therefore can't logon with AD credentials.

Is there anything I can do to get the logging on working without changing network config?

Thanks in advance!

0 Kudos
1 REPLY 1

djwojo
New Contributor III

Posted on β€Ž07-24-2017 08:19 AM

We had issues on the Radius side with this type of setup. We ended up having to whitelist machines at first to allow the base authentication. What we ended up finding with JAMF and Apple SE's - there was an issue in our AD Cert template. When we made the change it now allows a "true" authentication with the cert. Then we had to remove the whitelist setting in radius.

TL:DR - I would highly recommend working with JAMF and Apple if you don't have access to the certs or cert servers. We are currently working on a completely different method because it's inconsistent regardless of OS or build style.

0 Kudos
Jamf helps organizations succeed with Apple. By enabling IT to empower end users, we bring the legendary Apple experience to businesses, education and government organizations. Learn about Jamf.