Disabling 802.1x Authentication Prompt w/ El Capitan + SIP

andymcp
New Contributor III

My campus LAN has an irritating habit of automatically prompting users to authenticate via 802.1x after login. If users attempt to use their credentials 802.1x will endlessly attempt to authenticate and essentially disable the network connection.

I was able to get around this in Yosemite by running this script at login:
sudo chmod 644 /System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient

After upgrading to El Capitan I noticed I was getting the prompt again and according to the logs the script seemed to either not run at all during login or I would receive a "Operation not permitted" error, which I am assume is due to SIP.

I'd rather not disable SIP on my computers, so I am curious if anyone else has a workaround for this 802.1x issue or a clever way to get this script working again.

Thanks!

5 REPLIES 5

boberito
Valued Contributor

Hey there, did you ever get a response? I feel like I may be running into a similar issue.

andymcp
New Contributor III

Nope! I have also gotten 0 help from my networking team on this issue. I've had to do a combination of training users and disabling SIP on shared machines and running the eapolclient chmod script at login but it still run into this problem on machines where I haven't disabled SIP. Pretty frustrating!

If you have a better solution, please let me know!

ClassicII
Contributor III

Do you authenticate to 802.1x via a profile and system account ?

boberito
Valued Contributor

That is what I do. I dont know if I'm having the exact same problem as @andymcp. But it sounds similar.

andymcp
New Contributor III

ClassicII: That's the problem, only network admins actually have 802.1x credentials and authenticating isn't even necessary to access the network. I'm still not exactly sure why the have it in place.