802.1X TLS-PEAP does not work on Mac OS X 10.12.

Samdy
New Contributor III

I am using 802.1X with PEAP-EAP (PEAP + EAP-TLS) and computer authentication,
but it does not work.

Can anyone help, please?
Thanks

7 REPLIES

cleverleys
Contributor

Have you used a trusted certificate? I managed to get this working for our Macs last week.

LovelessinSEA
Contributor II

Yeah, you may be required to have the whole certificate trust chain for this to work. We've been using this config for a while now without too much trouble.

cleverleys
Contributor

@LovelessinSEA We created our 802.1X settings in Jamf Pro, then under Trust within the network payload added our Root CA. Is that similar to you?

LovelessinSEA
Contributor II

No, we didn't have to add a trusted certificate. You just need to make sure that the identity certificate is set to the AD certificate (if you're bound, that is, and you're getting the cert from the CA in the same config).

What certificate are you using for authentication? Are you using a machine certificate from the CA? Or do you guys have one cert that you are deploying for 802.1X?

How far along in the process are you getting? Is the cert making it to the machine?

In our configuration profile for 802.1X we have 2 payloads.
One is the AD certificate; we use a machine cert issued by the CA. The other is the Network payload (under the trust settings we are using an AD account that has access to network resources and using the AD certificate as the identity certificate).

cleverleys
Contributor

@LovelessinSEA So we configured the network payload for PEAP and TTLS, MSCHAPv2 with the relevant Wi-Fi settings and ticked "use directory authentication". Then we uploaded the Root CA to the certificate payload and added that to the trust section of the network payload. It worked straight away. The only niggle I have is getting the proxy settings correct - if you leave the WAN and rejoin without logging on from cold, Smoothwall IDex doesn't like it!


cleverleys
Contributor


Samdy
New Contributor III

Do you guys have a mobileconfig?
I do not have Jamf Pro to create the profile.
If you can, please customize your profile and share it with me, bro.
Thanks,
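
The replies above turn on two references inside the profile: the trust anchor for the RADIUS server certificate and the identity certificate. The script below is an added example, not code from anyone in this thread; it checks an unsigned .mobileconfig for both. The SSID, the UUIDs and the name `check_profile` are constructed for illustration, and a signed profile would need its CMS wrapper removed first.

```python
import plistlib

# Constructed sample profile (placeholder SSID and UUIDs): one root CA payload
# and one Wi-Fi payload for PEAP/TTLS that lists that CA as its trust anchor.
SAMPLE = {
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.security.root",
         "PayloadUUID": "ROOT-CA-UUID-PLACEHOLDER",
         "PayloadContent": b"constructed bytes, not a real certificate"},
        {"PayloadType": "com.apple.wifi.managed",
         "PayloadUUID": "WIFI-UUID-PLACEHOLDER",
         "SSID_STR": "ExampleCorpWiFi",
         "EAPClientConfiguration": {
             "AcceptEAPTypes": [25, 21],  # 25 = PEAP, 21 = TTLS
             "TTLSInnerAuthentication": "MSCHAPv2",
             "PayloadCertificateAnchorUUID": ["ROOT-CA-UUID-PLACEHOLDER"]}},
    ],
}

CERT_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1",
              "com.apple.security.pem"}
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep",
                  "com.apple.ADCertificate.managed"}
EAP_TLS = 13  # EAP method number for EAP-TLS

def check_profile(data: bytes) -> list:
    """Return a list of problems found in the 802.1X parts of a profile."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    by_uuid = {p.get("PayloadUUID"): p.get("PayloadType") for p in payloads}
    problems = []
    for p in payloads:
        eap = p.get("EAPClientConfiguration")
        if eap is None:
            continue  # not a Wi-Fi/Ethernet 802.1X payload
        name = p.get("SSID_STR", p.get("PayloadUUID"))
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        if not anchors and not eap.get("TLSTrustedServerNames"):
            problems.append(f"{name}: no trust anchor or trusted server name")
        for u in anchors:
            if by_uuid.get(u) not in CERT_TYPES:
                problems.append(f"{name}: anchor {u} is not a certificate payload")
        ident = p.get("PayloadCertificateUUID")
        if EAP_TLS in eap.get("AcceptEAPTypes", []) and by_uuid.get(ident) not in IDENTITY_TYPES:
            problems.append(f"{name}: EAP-TLS accepted but no identity certificate")
    return problems

if __name__ == "__main__":
    print(check_profile(plistlib.dumps(SAMPLE)) or "no problems found")
```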