Posted on 06-30-2014 07:47 AM
Hello,
I was wondering if anyone has had success implementing an 802.1x Wireless profile with TTLS and prompting the user for their credentials at the computer level. I have tried to implement this type of profile and it seems it is trying to authenticate as the system vs prompting the user. If I enter my credentials for a test machine and deploy it to one machine it works. I think the profile doesn't know to ask the user as I noticed when the profile is deployed it says "Enterprise Mode: System". Would anyone happen to have any insight on this?
Thanks!
Posted on 06-30-2014 01:08 PM
So I've done some digging and with the help of the OSX-Server community I've figured out that the JSS is writing the key "SystemMode" which is set to True in com.apple.airport.preferences.plist located in /Library/Preferences/SystemConfiguration/. This is also represented in the profile under System Preferences as "Enterprise Mode: System:". If I change this key to "False" then my profile works properly. I have alerted JAMF to this issue and am awaiting response on how to fix it or if a software update will be released to address it. If anyone has any insight on setting this key in a local config profile please let me know.
Thank you! :)
Posted on 05-15-2015 07:18 PM
Hi, does JAMF fix it? I'm having the same issue with 9.72.
Thanks.
Michael
Posted on 06-17-2016 05:20 AM
There is currently no fix for this at this time; however, I have a Python script I run as a policy that removes this issue so I can still use the config profile. Here is the Python script for your use: (Note: I have two WiFi networks I update, thus the fact it is doing 2, so go ahead and update it for your area)
#!/usr/bin/python
'''This script will fix Casper's inability to prompt a user
for their credentials to connect to wireless.
Joshua D. Miller - May 14, 2015 - josh@psu.edu
Penn State College of Education'''
import plistlib
import platform
# Set location of PLIST
NETWORK_PLIST = (
    '/Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist'
)
# Read Plist Data
NETWORK_PLIST_DATA = plistlib.readPlist(NETWORK_PLIST)
# Determine the OS
OS = platform.mac_ver()[0]
# Compare versions as tuples of integers; comparing the raw strings
# mis-orders values such as "10.10" and "10.10.0"
OS_VERSION = tuple(int(PART) for PART in OS.split('.'))
# If the system is running 10.7.5 - 10.9.5 use this action
# to address the issue
if (10, 7, 5) <= OS_VERSION <= (10, 9, 5):
    # RememberedNetworks is a list of per-network dictionaries
    NETWORKS = NETWORK_PLIST_DATA.get('RememberedNetworks')
    for WIFI in NETWORKS:
        if WIFI.get('SSIDString') == 'WiFi name here':
            if WIFI.get('SystemMode'):
                WIFI['SystemMode'] = False
                try:
                    plistlib.writePlist(NETWORK_PLIST_DATA, NETWORK_PLIST)
                    print(NETWORK_PLIST + " Updated WiFi.")
                except Exception:
                    print("Could not write PLIST file.." + NETWORK_PLIST)
        if WIFI.get('SSIDString') == 'WiFi Name here':
            if WIFI.get('SystemMode'):
                WIFI['SystemMode'] = False
                try:
                    plistlib.writePlist(NETWORK_PLIST_DATA, NETWORK_PLIST)
                    print(NETWORK_PLIST + " Updated WiFi.")
                except Exception:
                    print("Could not write PLIST file.." + NETWORK_PLIST)
# If the system is running 10.10.0 or higher use this action
# to address the issue
elif OS_VERSION >= (10, 10):
    # KnownNetworks is a dictionary of per-network dictionaries
    NETWORKS = NETWORK_PLIST_DATA.get('KnownNetworks')
    for KEY, VALUE in NETWORKS.items():
        if VALUE.get('SSIDString') == 'WiFi Name here':
            if VALUE.get('SystemMode'):
                VALUE['SystemMode'] = False
                VALUE['AutoLogin'] = True
                try:
                    plistlib.writePlist(NETWORK_PLIST_DATA, NETWORK_PLIST)
                    print(NETWORK_PLIST + " Updated WiFi.")
                except Exception:
                    print("Could not write PLIST file.." + NETWORK_PLIST)
        if VALUE.get('SSIDString') == 'WiFi name here':
            if VALUE.get('SystemMode'):
                VALUE['SystemMode'] = False
                VALUE['AutoLogin'] = True
                try:
                    plistlib.writePlist(NETWORK_PLIST_DATA, NETWORK_PLIST)
                    print(NETWORK_PLIST + " Updated WiFi.")
                except Exception:
                    print("Could not write PLIST file.." + NETWORK_PLIST)
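A read-only check to run before or after the fix, added here as an example and not part of the script posted above: it lists the saved networks that still have SystemMode set to true, covering both the RememberedNetworks and KnownNetworks layouts. It assumes Python 3; the function name, SSIDs and dictionary keys in the sample data are constructed for illustration.

```python
import plistlib

PLIST_PATH = ('/Library/Preferences/SystemConfiguration/'
              'com.apple.airport.preferences.plist')


def system_mode_networks(plist_bytes, ssids=None):
    """Return the sorted SSIDs whose saved entry has SystemMode == True.

    Nothing is written back. plistlib.loads() accepts XML and binary plists.
    Pass `ssids` (a set of names) to limit the report to managed networks.
    """
    data = plistlib.loads(plist_bytes)
    entries = []
    remembered = data.get('RememberedNetworks')   # list of dicts (10.7 - 10.9)
    if isinstance(remembered, list):
        entries.extend(remembered)
    known = data.get('KnownNetworks')             # dict of dicts (10.10+)
    if isinstance(known, dict):
        entries.extend(known.values())
    flagged = set()
    for entry in entries:
        if not isinstance(entry, dict):
            continue
        ssid = entry.get('SSIDString')
        if not isinstance(ssid, str):
            continue                              # malformed entry, no name
        if ssids is not None and ssid not in ssids:
            continue
        if entry.get('SystemMode') is True:
            flagged.add(ssid)
    return sorted(flagged)


# Constructed sample data, not taken from a real machine.
SAMPLE_OLD = plistlib.dumps({'RememberedNetworks': [
    {'SSIDString': 'ExampleCorp', 'SystemMode': True},
    {'SSIDString': 'ExampleGuest', 'SystemMode': False},
]})
SAMPLE_NEW = plistlib.dumps({'KnownNetworks': {
    'example-key-1': {'SSIDString': 'ExampleCorp', 'SystemMode': True},
    'example-key-2': {'SSIDString': 'ExampleHome'},
}}, fmt=plistlib.FMT_BINARY)

if __name__ == '__main__':
    for label, blob in (('old layout', SAMPLE_OLD), ('new layout', SAMPLE_NEW)):
        print(label, system_mode_networks(blob))
    # On a Mac, read PLIST_PATH in binary mode and pass the bytes instead.
```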
Posted on 08-11-2016 01:18 PM
@josh.miller This is awesome! Thank you for posting it.
Posted on 08-11-2016 01:24 PM
@josh.miller How are you distributing the script along with the profile? Do you push the profile out as a policy?
Posted on 08-16-2016 01:11 PM
The way I ended up distributing this was by packaging up the mobileconfig file with a postinstall script and then created a self service policy for the newly created package.
Would have been much easier if I could have just had an "after" script run with the Self Serve configuration profile. But that's not currently possible as of JSS 9.92.
BTW. Leaving the username and password field blank was key to this working for me.