Auto Connect Wireless Network | AD Certificate | Nomad

itsys
New Contributor II

Hello!
I'm new around here :-).

I want all my Macs in the company to auto-join the 802.1x wireless network.
We used to do this with a configuration profile and a user AD certificate. There was no issue until now since the Macs were bound to AD.

Now we want to move to Nomad. We are able to get the certificate to the machine, but need to join manually and go through several steps which are not user-friendly.
So here is the flow:
After signing in to Nomad, the user automatically gets a user certificate.

  1. Choose our corporate network from the list
  2. Choose EAP-TLS mode and the user's certificate (screenshot) and hit 'Join'.
  3. Popup window for 'eapolclient' using "<key>" in keychain (screenshot).
  4. Another popup for 'eapolclient' changing permissions (screenshot).
  5. Mac joined the network.

Ethernet connection behaves almost the same - no need to approve the 'eapolclient' thingy.

My question:
Is there any way, by a configuration profile, policy, script or anything, that users can auto-join our corporate network?

Thanks to anyone replying :-)

3 REPLIES

hudsonmarcus200
New Contributor

Did you ever get a solution for this?

itsys
New Contributor II

Nope.
Have you?

We still do this process as part of computer setup in the IT dept.
Also, you have to hit 'connect' every time after disconnecting and reconnecting the adapter/docking station.

gabester
Contributor III

I'm doing something similar, although it's a configuration profile delivered separately from JAMF. Back in the good old days this just worked, but after a security update due to a discovered vulnerability that allowed attackers to dump the keychain we started getting keychain prompts. The directive to users since then has been to do this once... but I feel like this is something that ought to be scriptable, likely with the security tool. I'm just not sure what the command syntax ought to be. In our case, we're doing a certificate-based authentication and various binaries need access to the user's private key. Manually, get info on the private key and switch to the Access Control tab, then the [+] button to "Always allow access by these applications"...

However, I'm not an expert with the security command line tool, so it will take me some playing around to figure it out, as my google-fu hasn't turned up anything yet.