DEP and Zero-touch with a radius server

sandersonp
New Contributor

Hi folks. I've been poring over the discussions here in search of an answer to my question, but there's just so much information, and the terms of the search are probably a little too broad to get the results I'm looking for. If there is a discussion answering this question, please point me in the right direction.

We are implementing a new Casper setup, and really beginning to fully manage Macs for the first time. What we wish to do is achieve a zero-touch workflow leveraging DEP and Casper. One problem we seem to be hitting is that we use 802.1X/radius, and it doesn't seem like you're able to join such WiFi networks during the setup assistant. Is this the case, or do we need to check our configuration?

Unless I'm reading something wrong, DEP doesn't actually pre-load any information, but rather forces an enrollment profile on the laptop once it connects to the internet and activates. So, if we are aiming for a custom setup assistant, and other pieces we'd want configured at first login (binding to a directory, security settings, etc.), is it possible to achieve any of this directly out of the box, or will we need to do some level of pre-stage imaging?

We have a session scheduled with JAMF in a few weeks, but we're trying to get as much accomplished in the meantime as possible, and I really appreciate any advice this community may have.

Thanks,

Pete

2 REPLIES 2

bwiessner
Contributor II

To start off - I have not seen radius networks at the Setup assistant before. You would need to have A PSK network or be hardlined.

2nd - with DEP and Casper 9.9 - you can force LDAP auth and bind in the setup then have other policies or things at enrollment complete ( from my testing enrollment complete is after the user has been created and the device checks into the JSS)

You should be able to do most of the things from a DEP enrollment - specially if you do not need to deploy a lot of software right away and can train your users to go to Self Service to get the things they need.

Do you have your DEP account setup yet? That can take some time to get that pushed through on Apples side and you will want to get that done ASAP.

mlavine
Contributor

I have a similar problem. I believe that the reason you can't connect to an 802.1x network during the setup assistant is because you would have to get certificates to authenticate in some way. I've been told that one way that some organizations deal with this is by setting up a separate WiFi network that only has access to Casper and Apple. I've also heard about trying to use captive portals for authentication as well.