Posted on 03-21-2018 01:39 AM
i am using 802.1X using protocols PEAP-EAP (PEAP + EAP-TLS) using a computer authentication.
But it not work.
Anyone help, please.
Thanks
Posted on 03-21-2018 07:20 AM
Have you used a trusted certificate? I managed to get this working for our Macs last week.
Posted on 03-21-2018 10:08 AM
Yeah, you may be required to have the whole certificate trust chain for this to work. We've been using this config for a while now without too much trouble.
Posted on 03-21-2018 03:00 PM
@LovelessinSEA We created our 802.1x settings in Jamf Pro, then under Trust within the network payload added our Root CA, is that similar to you?
Posted on 03-21-2018 03:09 PM
No, we didn't have to add a trusted certificate, you just need to make sure that the identity certificate is set to AD certificate (if you're bound that is and you're getting the cert from the CA in the same config)
What certificate are you using for authentication? are you using a machine certificate from the CA? or do you guys have one cert that you are deploying for 802.1x?
How far along in the process are you getting? Is the cert making it to the machine?
in our configuration profile for for 802.1x we have 2 payloads
One is the AD certificate, we use a machine cert issued by the CA.
the other is the Network payload (under the trust settings we are using an ad account that has access to network resources and using the AD certificate as the identity certificate.
Posted on 03-21-2018 03:19 PM
@LovelessinSEA so we configured the network payload for PEAP and TTLS, MSCHAPv2 with the relevant wifi settings and ticked use directory authentication. Then we uploaded the Root CA to the certificate payload and then added that to the trust section of the network payload. It worked straight away. The only niggle I have is getting the proxy settings correct - if you leave the WAN and rejoin without logging on from cold, smooth wall idex doesn't like it!!!!
Posted on 03-21-2018 03:19 PM
Posted on 03-22-2018 06:53 PM
Did you guy have mobileconfig ?
I did not have Jamf Pro to create the profile.
If you can share you can customize your profile and share it with me, Bro.
Thanks,