802.1x LAN Profile

infrase2020
New Contributor III

Hi all

Apologies if this has been answered already but we are trying to push an 802.1x LAN profile down to our macOS devices.

We have managed to push the wireless equivalent down with a certificate etc however when we try and create the LAN equivalent the device doesn't pick the certificate defined in the profile. 

Has anybody come across this issue before? 

We've seen a similar issue in the past with windows devices where you have to start the wired auto config service but wasn't sure if something similar was required on macs?

thanks

 

 

1 ACCEPTED SOLUTION

infrase2020
New Contributor III

We are targeting at computer level. 

Our profile contains the following: 

  • Certificate 
  • Network - First Active Ethernet
  • Identity Certificate - Scep Device certificate
  • Trusted certificate - Scep Root Certificate
  • Trusted server certificate names
  • SCEP payload
    • Use the external ca settings to enable Jamf Pro as a scep proxy

As i said on my original post, the exact same settings work for wireless profiles but not ethernet, have i missed something? 

View solution in original post

6 REPLIES 6

sdagley
Esteemed Contributor II

@infrase2020 Are you applying your wired network Configuration Profile at the User or Computer level? While Jamf will allow you to deploy the configuration at the User level Apple's MDM spec indicates that for wired profiles only Computer level is supported.

infrase2020
New Contributor III

We are targeting at computer level. 

Our profile contains the following: 

  • Certificate 
  • Network - First Active Ethernet
  • Identity Certificate - Scep Device certificate
  • Trusted certificate - Scep Root Certificate
  • Trusted server certificate names
  • SCEP payload
    • Use the external ca settings to enable Jamf Pro as a scep proxy

As i said on my original post, the exact same settings work for wireless profiles but not ethernet, have i missed something? 

sdagley
Esteemed Contributor II

So much for that theory then... When you say the LAN connection isn't picking up the certificate is that because you're seeing a prompt to select a certificate for the wired connection, or is the 802.1x auth failing because it's not getting a valid certificate?

JMontey1
New Contributor III

Hello! I am not too familiar with network/certificates. Would you be able to post screen shots of your profile(s)? I am struggling on getting everything setup correctly!

infrase2020
New Contributor III

Sorted the issue in the end. Had to set First Active Ethernet and the re-add the server URLs in the trust section. 

Thanks for your help @sdagley 

Tip: You will eventually run into problems on some machines where First Active Ethernet isn't eth0.

We had that as our original setting too and I had to eventually change it to 'Any Ethernet' to cover all scenarios.  Now works fine on all our devices without issue.