Jamf Nation Community

andymcp · ‎12-23-2015

My campus LAN has an irritating habit of automatically prompting users to authenticate via 802.1x after login. If users attempt to use their credentials 802.1x will endlessly attempt to authenticate and essentially disable the network connection.

I was able to get around this in Yosemite by running this script at login:
sudo chmod 644 /System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient

After upgrading to El Capitan I noticed I was getting the prompt again and according to the logs the script seemed to either not run at all during login or I would receive a "Operation not permitted" error, which I am assume is due to SIP.

I'd rather not disable SIP on my computers, so I am curious if anyone else has a workaround for this 802.1x issue or a clever way to get this script working again.

Thanks!

boberito · ‎04-06-2016

Hey there, did you ever get a response? I feel like I may be running into a similar issue.

andymcp · ‎04-07-2016

Nope! I have also gotten 0 help from my networking team on this issue. I've had to do a combination of training users and disabling SIP on shared machines and running the eapolclient chmod script at login but it still run into this problem on machines where I haven't disabled SIP. Pretty frustrating!

If you have a better solution, please let me know!

ClassicII · ‎04-07-2016

Do you authenticate to 802.1x via a profile and system account ?

boberito · ‎04-07-2016

That is what I do. I dont know if I'm having the exact same problem as @andymcp. But it sounds similar.

andymcp · ‎04-07-2016

ClassicII: That's the problem, only network admins actually have 802.1x credentials and authenticating isn't even necessary to access the network. I'm still not exactly sure why the have it in place.

Jamf Nation Community

Disabling 802.1x Authentication Prompt w/ El Capitan + SIP