Jamf Nation Community

we are using ADCS already, but also have same issue on this

What does your cert authenticate against? Ours authenticates against the machine name in AD. Even though the Mac isn't bound to AD it still needs the "computer name" as a place holder in the correct OU in AD. We just create a new computer object with the name of the machine and poof machine cert works on a non-bound machine.

A workarround, but Then we have manually to create new computers all the time in Ad when they are enrolled to Jamf. But for testing it could be on

I was thinking just to test to see if that was why they were failing... Also, if that does get it working. This would only need to be done once per the life of the device. I think it could be somewhat automated via powershell. Not sure what your naming scheme is but should be doable. We just went through this change, so I feel your pain. Took quite a while and required a member of our networking team that was able to break down what the Auth server was looking for on the certificate.

we use EAP-TLS wifi using SCEP and SCEP proxy from Jamf and we have not see any issues.

Having the same issue with our ADCS Connector... looking for machine based EAP-TLS wifi.. I can generate an AD certificate and it gets delivered by JAMF Pro to the Machine but then I am forced to choose the certificate to use instead of automatically joining with with Machine Cert the first time. I get presented with the com.apple.kerberos.kdc and the Machine ADCS generated certificate. If I select the Machine certificate it gets on and remembers but not sure why it is not using the machine cert in the first place.

@cjatsbm I'm having the same issue. Were you ever able to figure this out?

@cjatsbm @bwoods I'm using ADCS and its working fine with machine cert. Had issue as you had until I noticed that I forgot to add in "certificate common name" under Trust in my Wifi config profile.

If you're seeing this on Big Sur, make sure you're adding the entire certificate tree into the configuration profile. I was seeing the same issue where my once working profile no longer would authenticate. Spoke to apple and they suggested adding in the entire tree into the profile. Root, 802ca and then the template for the AD cert. As soon as we did this the connection worked as expected.

We have this working correctly in our environment. @nwiseman is correct on the entire tree of certificates needed. Has anybody had problems with the Macs not wanting to reconnect to their company SSID? I would say 90% of the time, we have to manually click on "Connect" or choose the SSID.

I have been trying and failing with this process for a while now. Would anyone be able to shed some light on more specific settings that are needed on the Jamf Config Profile side and what specific properties within the computer record and cert?

We're using Microsoft's NPS Radius service on the back end. I've tried various options of the SAN Type/Value within the Cert payload and Username within the Wifi payload and have little success, just added the full tree and same thing. Any insight or suggestions would be greatly appreciated!