Posted on 11-08-2017 09:22 AM
I'm seeing an 802.1x connectivity problem when upgrading to High Sierra in my testing... when I do the upgrade.
I have a configuration profile pushed to the machine to connect to our wireless. The MacBook Air will connect perfectly before the upgrade. But then once it upgrades, it will no longer connect to our 802.1x network. Looking deep into the logs I see "en0 EAP-PEAP: authentication failed with status 1". Looking at our wireless logs it seems like it's not able to authenticate with AD properly.
If I delete the network out of the Preferred Network, then manually re-connect it'll work. But I'm really trying to avoid that.
These are freshly imaged machines on 10.12 that I'm then trying to upgrade to 10.13. So it isn't a machine that's been mucked up over multiple upgrades or anything. I've had very similar issues previously with Sierra and El Capitan, but usually connecting to another network would solve it (no idea why that would); not so lucky with High Sierra.
Posted on 11-08-2017 09:31 AM
Make sure that your cert is using SHA-2. SHA-1 is not supported on High Sierra.
Posted on 11-08-2017 11:14 AM
It is. 256 in fact.
Posted on 11-10-2017 11:23 AM
Turns out it works if "Use as a Login Window configuration" is checked...which is uncheckable in 9.101, so I had to spin up a VM and get 9.100 installed. Then download the profile and re-upload it to 9.101.
I feel like in the past I've had this box checked and it's caused weird issues before with people not being able to authenticate to the wifi maybe from sleep?
Posted on 02-01-2018 10:11 AM
Did you find a solution to this? I'm in the same boat right now.
Posted on 02-01-2018 10:14 AM
Nope :(
Since we're all laptops, if people upgrade while off campus, it works. No idea why. None of it makes sense.
Posted on 02-01-2018 12:11 PM
If I temporarily connect one of these laptops to ethernet or another internal SSID then the 802.1x works again. Seems like they need to talk to AD to update the computer password or get an updated token.
Posted on 02-01-2018 12:42 PM
Turns out it works if "Use as a Login Window configuration" is checked...which is uncheckable in 9.101, so I had to spin up a VM and get 9.100 installed. Then download the profile and re-upload it to 9.101. I feel like in the past I've had this box checked and it's caused weird issues before with people not being able to authenticate to the wifi maybe from sleep?
We were having wired 802.1x issues with JSS created profiles, so I've moved to creating the network profile in Profile Manager, downloading it and signing it, then installing it in a package. Sometimes the network profile would get removed from the machine entirely with no management command in the inventory. Installing it that way means the MDM can't remove it.