Question

802.1x authentication



We need to authenticate our Macs on Wi-Fi and wired connections using EAP-TLS and user certificates enrolled by our Active Directory CA.

We configured the AD CS Connector, giving these values to the deploy script:

- as FQDN we put the A record to which the NATed public IP address of the AD CS server resolves
- as jamfProDn we put "xxxx.jamfcloud.com"

Then we created a copy of the "User" certificate template, giving the account of the AD CS server enroll permissions and giving "subject on request" in the "Subject name" tab. We also allowed access to port 443 of the AD CS server from outside.

We tried to create a configuration profile to use that connection, using these parameters:

- certificate subject: $USERNAME@<our AD domain>
- template name: the name of the cloned template
- SAN type: none

But the profile fails to install; even downloading the profile and trying to install it, the installation fails with an error. The profile is also not readable by Apple Configurator 2.
Any help, insights, or advice would be wonderful.
Thanks

3 replies


Is the certificate payload and the network payload in the same profile? If not, I'm pretty sure that's a requirement.


sdagley
  • June 14, 2021

What is the error being reported? And in addition to what @kyle.erickson points out regarding the Network and certificate payload needing to be in the same profile, the Wi-Fi SSID you're trying to install the configuration for must be available at install time or the profile will fail.


  • Author
  • July 21, 2021

@kyle_erickson @sdagley My previous answer seems to be lost... Yes, the certificate and the payload are in the same profile, and I couldn't see any error being reported. I used a workaround: copying the profile onto the Mac and installing it via script with the command /usr/bin/profiles -I -F using the logged-in user.

Thanks

Dario
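
The requirement raised in the replies (the network payload and the identity certificate payload must sit in the same profile) can be checked offline before deployment. The following is an added example, not code from any poster or from Jamf: it assumes an unsigned .mobileconfig plist (a signed profile would need its CMS wrapper removed first), and the function name, payload-type subsets and sample values are constructed for illustration.

```python
import plistlib

# Subset of payload types that carry an 802.1X network configuration.
NETWORK_TYPES = {"com.apple.wifi.managed",
                 "com.apple.firstactiveethernet.managed"}
# Subset of payload types that can supply a client identity certificate.
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep",
                  "com.apple.ADCertificate.managed"}
EAP_TLS = 13  # EAP method number for EAP-TLS


def check_profile(data: bytes) -> list[str]:
    """Return the problems found in an unsigned .mobileconfig plist."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    # UUIDs of every identity payload shipped inside this same profile.
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in IDENTITY_TYPES}
    networks = [p for p in payloads if p.get("PayloadType") in NETWORK_TYPES]
    problems = []
    if not networks:
        problems.append("no Wi-Fi or Ethernet payload in this profile")
    for net in networks:
        name = net.get("SSID_STR") or net.get("PayloadDisplayName", "network")
        eap = net.get("EAPClientConfiguration", {})
        if EAP_TLS not in eap.get("AcceptEAPTypes", []):
            problems.append(f"{name}: EAP-TLS (13) not in AcceptEAPTypes")
        ref = net.get("PayloadCertificateUUID")
        if ref is None:
            problems.append(f"{name}: no PayloadCertificateUUID set")
        elif ref not in identities:
            problems.append(f"{name}: identity {ref} is not in this profile")
    return problems


# Constructed sample: Wi-Fi payload referencing an identity that is absent.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": "com.apple.wifi.managed",
        "PayloadUUID": "WIFI-0001",
        "SSID_STR": "ExampleCorp",
        "EncryptionType": "WPA2",
        "EAPClientConfiguration": {"AcceptEAPTypes": [13]},
        "PayloadCertificateUUID": "CERT-0001",
    }],
})

if __name__ == "__main__":
    print(check_profile(SAMPLE))
```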

