Configuration profile - Options order

B_Aus_Dresden
New Contributor II

Hello,

 

I am just starting with Jamf and was wondering if there is a way to put different options in configuration profile in order, set by me.

Here's what I mean:

We are trying to deploy a profile with 2 options:

- Network, with PEAP configured to 'any ethernet'

- Certificate with, well. A certificate.

 

Our intention is to have users authenticate on the login screen, so they don't receive any additional pop ups. So far it looks like it works just fine, when the certificate is on the machine.

However, because I deploy both certificate and network configuration in the same profile, it looks like sometimes the network part applies before the certificate is installed, which causes pop-up with 'choose certificate' to appear.

 

So the question is - is there a way to deploy both options in 1 configuration profile, but delay the network part until the certificate is installed?

If not, is there maybe any other way to achieve what we are trying to do?

 

 

Thanks in advance

6 REPLIES 6

dgoldberg
New Contributor II

Hello.  The certificate.  Is its a machine certificate or a user based certificate (e,g smart badge, yubi key?

Hello,

it's machine based certificate

moriahitadmin
New Contributor III

Only way to do this is via smart group which has criteria to check if the first profile is installed. 

#!/bin/sh profiles=`profiles -C -v | awk -F: '/attribute: name/{print $NF}' | grep "$4" if [ "$profiles" == " $4" ]; then echo "Profile exists" else echo "Profile does not exists" fi exit 0

 

You can put $4 for the name profile.

Then scope second profile to that smart group,. 

Hello,

Just for the clarification - I have to break my 2-option profile into 2 separate profiles, one with certificate and the other with network configuration. Then, I link the first profile normally, and the second one via smart group with criteria as mentioned above? Do I get it right?

B_Aus_Dresden
New Contributor II

UPDATE:

We tested with breaking my profile into 2 separate ones, and it looks like it won't authenticate anymore.

When I deploy everything together, I can choose 'trusted certificate', since it's all in 1 profile.

In 2 profiles solution I cannot do that ( I can put 'certificate common name' under 'Trusted Server Certificate Names', but it's not the same and won't work).

 

Is there any workaround here? 

AJPinto
Honored Contributor III

I strongly recommend keeping unrelated things in separate configuration profiles. The certificate should drop in its own configuration profile, probably one that installs at enrollment. Then the network configuration profile can run later, and the certificate is already on the machine.