Auto Connect Wireless Network | AD Certificate | Nomad

New Contributor II

I'm new around here :-).

I want all my Macs in the company to auto-join the 802.1X wireless network.
We used to do this with a configuration profile and a user AD certificate. There was no issue until now since the Macs were bound to AD.

Now we want to move to Nomad. We are able to get the certificate to the machine, but need to join manually and go through several steps, which are not user-friendly.
So here is the flow:
After signing in to Nomad, the user automatically gets a user certificate.

  1. Choose our corporate network from the list
  2. Choose EAP-TLS mode and the user's certificate (screenshot) and hit 'Join'.
  3. Popup window for 'eapolclient' using "<key>" in keychain (screenshot).
  4. Another popup for 'eapolclient' changing permissions (screenshot).
  5. Mac joined the network.

Ethernet connection behaves almost the same - no need to approve the 'eapolclient' thingy.

My question:
Is there any way, by a configuration profile, policy, script or anything, that users can auto-join our corporate network?

Thanks to anyone replying :-)


New Contributor

Did you ever get a solution for this?

New Contributor II

Have you?

We still do this process as part of computer setup in the IT dept.
Also, you have to hit 'connect' every time after disconnecting and reconnecting the adapter/docking station.

Contributor III

I'm doing something similar, although it's a configuration profile delivered separately from JAMF. Back in the good old days this just worked, but after a security update due to a discovered vulnerability that allowed attackers to dump the keychain we started getting keychain prompts. The directive to users since then has been to do this once... but I feel like this is something that ought to be scriptable, likely with the security tool. I'm just not sure what the command syntax ought to be. In our case, we're doing a certificate-based authentication and various binaries need access to the user's private key. Manually, get info on the private key and switch to the Access Control tab, then the [+] button to "Always allow access by these applications"...

However, I'm not an expert with the security command line tool, so it will take me some playing around to figure it out, as my google-fu hasn't turned up anything yet.