Solved

802.1x credentials missing since 9.22

  • December 23, 2013
  • 30 replies
  • 82 views


Since we updated to 9.22, every computer we enroll in the JSS gets our 802.1x wireless configuration profile installed but when you attempt to connect to it, it asks for the authentication credentials, which are supposed to come from that profile.

So far we haven't noticed this with iPads. This is on both computers that are re-enrolled and new computers with a fresh copy of OS X.

Best answer by btaitt

Hey all,

If you haven't seen yet, 9.23 was released this morning and I saw this in the release notes:

[D-006090] Fixed an issue that prevented the JSS from applying the 802.1X network authentication credentials specified in OS X configuration profiles with a Network payload.

I'll give it a go and (fingers crossed) hope it works!

30 replies

  • Contributor
  • December 23, 2013

I have noticed when I check "Use as a Login Window configuration" then click save the check disappears... Anyone else seeing this???


  • Contributor
  • December 24, 2013

Yes, I also noticed the "Use as a Login Window configuration" is not saving after upgrading to 9.22. Also, if I choose "WPA2 Enterprise", it will revert to "WPA2" as soon as I save.


  • Author
  • Contributor
  • December 31, 2013

Potter, I have not noticed any issue with our Login Window config profile in this release, though we did have a problem when initially updating to 9.1.

I have a ticket open with JAMF so if there's any update I'll definitely post it here. What we find with our wireless profile may help with other config profile issues as well.


mks007
  • Contributor
  • January 2, 2014

Yes, I also noticed if I choose "WPA2 Enterprise", it will revert to "WPA2" as soon as I save.

We have a call open as you can't use a configuration profile created in IPCU so you can add in the authentication type and now the system level 802.1x Password or identity preference are missing.


  • Contributor
  • January 3, 2014

Looks like we are keeping the JAMF folks busy with this one!! I also have a ticket open on this one. Has anyone tried downloading the configuration profile to have a look at it? My .mobileconfig file from the download button looks nothing like it ought to.
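
Added example, not part of the original thread and not Jamf's code: a Python check of a downloaded, unsigned .mobileconfig for the symptoms reported in this thread (Login Window mode not saved, 802.1X settings or credentials missing). The key names are Apple's Wi-Fi payload keys; the sample profiles, SSID and account name are constructed, and a signed profile has to be unwrapped before it can be parsed this way.

```python
import plistlib

WIFI_TYPE = "com.apple.wifi.managed"


def sample_profile(with_8021x):
    """Build a constructed profile, with or without its 802.1X settings."""
    wifi = {"PayloadType": WIFI_TYPE, "SSID_STR": "ExampleSSID",
            "EncryptionType": "WPA2"}
    if with_8021x:
        wifi["SetupModes"] = ["Loginwindow"]
        wifi["EAPClientConfiguration"] = {
            "AcceptEAPTypes": [25],              # 25 = PEAP
            "UserName": "svc-wifi",              # constructed account
            "UserPassword": "constructed-secret",
        }
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [wifi]})


def audit_wifi(profile_bytes, expect_loginwindow=False,
               expect_stored_credentials=False):
    """Return (ssid, problem) tuples; reports key presence, never secret values."""
    try:
        profile = plistlib.loads(profile_bytes)
    except plistlib.InvalidFileException:
        raise ValueError("not a plain plist; unwrap a signed profile first")
    problems = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != WIFI_TYPE:
            continue
        ssid = payload.get("SSID_STR", "<no SSID>")
        eap = payload.get("EAPClientConfiguration")
        if not isinstance(eap, dict) or not eap.get("AcceptEAPTypes"):
            problems.append((ssid, "no EAP settings: not an 802.1X network"))
            eap = {}
        if expect_loginwindow and "Loginwindow" not in payload.get("SetupModes", []):
            problems.append((ssid, "SetupModes lacks Loginwindow"))
        if expect_stored_credentials:
            missing = [k for k in ("UserName", "UserPassword") if not eap.get(k)]
            if missing:
                problems.append((ssid, "missing credential keys: " + ", ".join(missing)))
    return problems


if __name__ == "__main__":
    for ssid, problem in audit_wifi(sample_profile(False), True, True):
        print(ssid, "-", problem)
```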


  • Contributor
  • January 3, 2014

I received a response to this from my account manager. There appears to be an issue in version 9.22 that does not place the credential information into the keychain. JAMF is aware of the issue and is working to resolve it. This includes both new and upgraded profiles that carry this type of information.


  • Contributor
  • January 8, 2014

I'm seeing the same issue with 802.1x set up to use directory authentication.


mks007
  • Contributor
  • January 8, 2014

Also found that the "Use as a Login Window configuration" option does not save.


boberito
  • Jamf Heroes
  • January 8, 2014

Add me into the list having problems.


  • Contributor
  • January 8, 2014

I received this back from support regarding the seen behavior... "The number for this defect we are hitting is D-006090 for your reference."


  • Contributor
  • January 9, 2014

Can anyone confirm if this was working on the 9.21 release?


  • Valued Contributor
  • January 10, 2014

Using 802.1x profiles in 8.73, this is a show stopper for a 9 upgrade :(
Would be good to know more info on this, and which versions are affected/when a fix is scheduled. Have been patiently waiting for a while for various defects to be resolved so we could safely upgrade.
Thank you for sharing.


  • Contributor
  • January 10, 2014

My understanding is that 9.21 was fine, but 9.22 introduced the bugs that cause 802.1x settings to not be saved properly in Configuration Profiles.

The workaround for 9.22 which I have used successfully is to create the 802.1x Configuration Profile in OS X Server's Profile Manager, download it from there and upload it into the JSS. The JSS can then distribute that profile as normal. To get this to work though, I had to ensure that Profile Manager was signing the Configuration Profile before I downloaded it, that way when I uploaded the resulting profile to the JSS it was marked as read-only so the JSS couldn't 'break' it.


  • New Contributor
  • January 10, 2014

I believe under 10.9 the config profile for 802.1x must be signed which is something Casper does not do.


  • Author
  • Contributor
  • January 10, 2014

Lisa, Patrick's response matches our own. We were not encountering any issues until we upgraded from 9.21 to 9.22.



bentoms
  • Hall of Fame
  • January 11, 2014

Hi all,

We migrated from 8.73 > 9.22 & our 802.1x profile works... But is based on RADIUS auth via AD Machine cert.


  • Contributor
  • January 12, 2014

Just created, signed and uploaded a Profile in OS X Profile Manager as suggested by @plawrence, and it is working correctly on a 9.22 Casper install and 10.9 client, with users authenticating at the login window profile.


  • Contributor
  • January 14, 2014

Hello All,

I am in the same boat as many of you experiencing this issue and wanted to pick your brains on the workaround with profile manager.

Unfortunately we are running OD 10.6 in our environment and haven't upgraded since we are essentially managing everything through Casper Config Profiles. I assume I would need to set up a 10.9 server instance with OD and Profile Manager in order to get this to work? Would it matter what I set OD as in the test environment? If someone could provide some more details, that would be appreciated.

Joe


  • Contributor
  • January 14, 2014

Hi Joe, I created mine in a test 10.8 lab setup. Uploaded to a completely separate 10.9 server running a 9.22 JSS, then sent it to some managed 10.9.0 clients to test.


  • Contributor
  • January 14, 2014

dmo1337, someone mentioned having to sign the cert so when you uploaded it, it was read only. Did you have to do that as well?

Joe


  • Contributor
  • January 14, 2014

I am using 9.21.
I posted this last year: https://jamfnation.jamfsoftware.com/discussion.html?id=9281
You need to select wpa/wpa2 enterprise for it to save the config profile.
Hope it helps.


  • New Contributor
  • January 14, 2014

@Araneta,
For me, this does not resolve the issue where "Use as a Login Window configuration" remains unchecked when using WPA/WPA2 Enterprise. The same occurs with Any (Enterprise) selected. If I select WPA2 Enterprise, then the security type changes to WPA2 and "Use as a Login Window configuration" remains unchecked.


  • Contributor
  • January 14, 2014

@joemamasmac yes I signed it with Profile manager, so in the JSS console it's read only. Happy to send one of my working ones through as an example.


  • Contributor
  • February 3, 2014

Anyone ever figure this out? We just moved from 9.12 to 9.22 and use directory based authentication. Now the "Use as Login Window Configuration" box will not stay checked, even after trying to save it multiple times. The only variable we have changed here was the update to 9.22.

I saw some people posting about signing it with Profile Manager, but I can't seem to get that to work. Anyone hear back from JAMF? Tried getting a hold of them Friday, but haven't heard back yet.