802.1x Wireless Login Window Profile

compro
New Contributor III

I'm trying to create a login window profile for wirelessly authenticating to our wireless network. I have all of our network settings set correctly and I have set it to login window, but the login window attribute does not seem to be applying.

The machine does not even attempt to authenticate wirelessly upon login, and if I go to edit the configuration profile within JSS, the Login Window checkbox gets cleared and will not re-save with that setting no matter what I do.

9 REPLIES 9

jbrannock
New Contributor

I got this response from my support contact:

"we have this filed as defect, it can be tracked by this number:

D-006050

We do have a few of defects filed with similar and related behavior to this so if you watch the release notes, this fix may be included under D-006051 or D-006052. I apologize for the inconvenience but the fix is supposed to be in the next release which should be coming soon."

compro
New Contributor III

Thank you for the information. That is a very unfortunate bug, and I hope it gets straightened out soon.

ericjboyd
Contributor

I had luck creating the profile in the iPhone configuration tool, and uploading it into the JSS.

*note, i have to modify the file to change it to login window in a few places, but it works...

calum_carey
Contributor

i've created a profile like this before and then packaged it and installed it using a postflight script

mostlikelee
Contributor

I'm interested in this as well. Let's keep in touch and update here if you find any workarounds.

compro
New Contributor III

I was able to create a login window profile manually and it works, but once I upload it to JSS, the login window option does not work. If there are any other workarounds, I'm interested to hear them. Likewise, if I stumble upon any workaround, I'll share it here.

plawrence
Contributor II

My workaround for this issue was to create a 802.1x loginwindow profile using Profile Manager on an OS X machine with Server.app installed. The trick was to ensure that you configure Profile Manager to sign your profiles (using the servers internal certificate is fine) then you can upload the profile to the JSS for distribution and because it is signed, the JSS interface cant mess with your settings because signed profiles are read-only when uploaded.

mikehill
New Contributor

Also interested if this has been resolved

Kaltsas
Contributor III

There are a number of 802.1x related bugs with the Casper profiles. D-008952 does not send machine credentials when selected for wired ethernet (since 9.63!). I have also had to go the route of crafting a working config profile by hand and then signing it so the JSS won't mangle it.

This genius blog will walk you through signing a handmade profile.

https://osxdominion.wordpress.com/2015/04/21/signing-mobileconfig-profiles-with-keychain-certificates/