802.1x authentication

dario
New Contributor

We need to authenticate our Macs on Wi-Fi and wired connections using EAP-TLS and user certificates enrolled by our Active Directory CA.

We configured the AD CS connector, giving these values to the deploy script:

- as FQDN we put the A record to which the NATed public IP address of the AD CS server resolves
- as jamfProDn we put "xxxx.jamfcloud.com"

Then we created a copy of the "User" certificate template, giving the account of the AD CS server enroll permissions and giving "subject on request" in the "Subject name" tab. We also allowed access to port 443 of the AD CS server from outside.

We tried to create a configuration profile to use that connection, using these parameters:

- certificate subject: $USERNAME@<our AD domain>
- template name: the name of the cloned template
- SAN type: none

But the profile fails to install; even downloading the profile and trying to install it, the installation fails with an error. The profile is also not readable by Apple Configurator 2.
Any help, insights, or advice would be wonderful.
Thanks


kyle_erickson
New Contributor III

Is the certificate payload and the network payload in the same profile? If not, I'm pretty sure that's a requirement.

sdagley
Esteemed Contributor II

What is the error being reported? And in addition to what @kyle.erickson points out regarding the Network and certificate payload needing to be in the same profile, the Wi-Fi SSID you're trying to install the configuration for must be available at install time or the profile will fail.
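
The requirement raised in the two replies above, that the network payload and the certificate payload travel in the same profile, can be checked on a downloaded .mobileconfig before deployment. This is an added example, not code from the thread or from Jamf; the function names are hypothetical and the sample profile (SSID, UUIDs) is constructed.

```python
import plistlib

# Apple payload types that can deliver a client identity (certificate + private key).
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep",
                  "com.apple.ADCertificate.managed"}
EAP_TLS = 13  # EAP method number for EAP-TLS in AcceptEAPTypes


def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig. A signed profile is CMS-wrapped, so cut out the XML plist."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML property list found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])


def check_8021x(profile: dict) -> list:
    """Return a list of problems; an empty list means each network payload has its identity."""
    payloads = profile.get("PayloadContent", [])
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in IDENTITY_TYPES}
    networks = [p for p in payloads
                if p.get("PayloadType", "").endswith(("wifi.managed", "ethernet.managed"))]
    problems = [] if networks else ["no Wi-Fi or Ethernet payload in this profile"]
    for net in networks:
        name = net.get("SSID_STR") or net["PayloadType"]
        if EAP_TLS not in net.get("EAPClientConfiguration", {}).get("AcceptEAPTypes", []):
            problems.append(f"{name}: EAP-TLS is not an accepted EAP type")
        ref = net.get("PayloadCertificateUUID")
        if ref not in identities:
            problems.append(f"{name}: identity payload {ref} is not in this profile")
    return problems


def sample_profile(with_identity: bool) -> bytes:
    """Constructed test input: one Wi-Fi payload, optionally with its identity payload."""
    wifi = {"PayloadType": "com.apple.wifi.managed", "PayloadUUID": "WIFI-0001",
            "SSID_STR": "ExampleCorp", "PayloadCertificateUUID": "CERT-0001",
            "EAPClientConfiguration": {"AcceptEAPTypes": [EAP_TLS]}}
    cert = {"PayloadType": "com.apple.security.pkcs12", "PayloadUUID": "CERT-0001"}
    content = [wifi, cert] if with_identity else [wifi]
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": content})


if __name__ == "__main__":
    for label, raw in (("combined", sample_profile(True)), ("split", sample_profile(False))):
        print(label, check_8021x(load_profile(raw)) or "ok")
```

The plist extraction for signed profiles is best-effort and does not verify the signature.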

dario
New Contributor

@kyle_erickson @sdagley my previous answer seems to be lost... Yes, the certificate and the payload are in the same profile and I couldn't see any error being reported. I used a workaround: copying the profile onto the Mac and installing it via script with the command /usr/bin/profiles -I -F  using the logged-in user.

Thanks

Dario