802.1x Wireless Profile Issues

josh_miller
New Contributor II

Hello,

I was wondering if anyone has had success implementing a 802.1x Wireless profile with TTLS and prompting the user for their credentials at the computer level. I have tried to implement this type of profile and it seems it is trying to authenticate as the system vs prompting the user. If I enter my credentials for a test machine and deploy it to one machine it works. I think the profile doesn't know to ask the user as I noticed when the profile is deployed it says "Enterprise Mode: System". Would anyone happen to have any insight on this?

Thanks!

6 REPLIES 6

josh_miller
New Contributor II

So I've done some digging and with the help of the OSX-Server community I've figured out that the JSS is writing the key "SystemMode" which is set to True in com.apple.airport.preferences.plist located in /Library/Preferences/SystemConfiguration/. This is also represented in the profile under System Preferences as "Enterprise Mode: System:". If I change this key to "False" then my profile works properly. I have alerted JAMF to this issue and am awaiting response on how to fix it or if a software update will be released to address it. If anyone has any insight on setting this key in a local config profile please let me know.

Thank you! :)

mlam
New Contributor

Hi, dose jamf fix it? I having the same issue with 9.72.

Thanks.

Michael

josh_miller
New Contributor II

@mlam

There is currently no fix for this at this time however I have a python script I run as a policy that removes this issue so I can still use the config profile. Here is the python script for your use: (Note: I have two WiFi networks I update thus the fact it is doing 2 so go ahead and update it for your area)

#!/usr/bin/python
'''This script will fix Casper's inability to prompt a user
for their credentials to connect to wireless.
Joshua D. Miller - May 14, 2015 - josh@psu.edu
Penn State College of Education'''

import plistlib
import platform

# Set location of PLIST
NETWORK_PLIST = (
    '/Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist'
)

# Read Plist Data
NETWORK_PLIST_DATA = plistlib.readPlist(NETWORK_PLIST)
# Determine the OS
OS = platform.mac_ver()[0]
# If the system is running 10.7.5 - 10.9.5 use this action
# to address the issue
if OS >= "10.7.5" and OS <= "10.9.5":
    NETWORKS = NETWORK_PLIST_DATA.get('RememberedNetworks')
    for WIFI in NETWORKS:
        if WIFI.get('SSIDString') == 'WiFi name here':
            if WIFI.get('SystemMode'):
                WIFI['SystemMode'] = False
                try:
                    plistlib.writePlist(NETWORK_PLIST_DATA, NETWORK_PLIST)
                    print NETWORK_PLIST + " Updated WiFi."
                except:
                    print "Could not write PLIST file.." + NETWORK_PLIST
        if WIFI.get('SSIDString') == 'WiFi Name here':
            if WIFI.get('SystemMode'):
                WIFI['SystemMode'] = False
                try:
                    plistlib.writePlist(NETWORK_PLIST_DATA, NETWORK_PLIST)
                    print NETWORK_PLIST + " Updated WiFi."
                except:
                    print "Could not write PLIST file.." + NETWORK_PLIST
# IF the system is running 10.10.0 or higher use this action
# to address the issue
elif OS >= "10.10.0":
    NETWORKS = NETWORK_PLIST_DATA.get('KnownNetworks')
    for KEY, VALUE in NETWORKS.items():
        if VALUE.get('SSIDString') == 'WiFi Name here':
            if VALUE.get('SystemMode'):
                VALUE['SystemMode'] = False
                VALUE['AutoLogin'] = True
                try:
                    plistlib.writePlist(NETWORK_PLIST_DATA, NETWORK_PLIST)
                    print NETWORK_PLIST + " Updated WiFi."
                except:
                    print "Could not write PLIST file.." + NETWORK_PLIST
        if VALUE.get('SSIDString') == 'WiFi name here':
            if VALUE.get('SystemMode'):
                VALUE['SystemMode'] = False
                VALUE['AutoLogin'] = True
                try:
                    plistlib.writePlist(NETWORK_PLIST_DATA, NETWORK_PLIST)
                    print NETWORK_PLIST + " Updated WiFi."
                except:
                    print "Could not write PLIST file.." + NETWORK_PLIST

denmoff
Contributor III

@josh.miller This is awesome! thank you for posting it.

denmoff
Contributor III

@josh.miller How are distributing the script along with the profile? Do you push the profile out as a policy?

denmoff
Contributor III

The way I ended up distributing this was by packaging up the mobileconfig file with a postinstall script and then created a self service policy for the newly created package.
Would have been much easier if i could have just had an "after" script run with the Self Serve configuration profile. But that's not currently possible as of JSS 9.92.
BTW. Leaving the username and password field blank was key to this working for me.