Posted on 12-21-2015 04:53 PM
Is anyone using FileVault and also RADIUS / 802.1x profiles?
I am seeing weird things when trying to use the "Use as Login Window Configuration" option.
FileVault bypasses this, and it won't show up unless you log in as the FileVault user and then log out.
In a perfect world I would like to use both
"Use as a Login Window Configuration"
&
"Use Directory Authentication"
with FileVault enabled.
Posted on 12-22-2015 02:16 AM
You should give this a try:
defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool true
This will disable the FileVault autologin and show you the normal login window after authenticating for FileVault.
Posted on 12-22-2015 09:15 AM
Above post (defaults command) is definitely relevant. That said, I've found the config profile does not always load recently with 10.11.2 and Profile Manager-generated (JSS-generated doesn't work at all). I've installed via APNS and manually. It seems we need a triple login (more often than not) these days to grab our 802.1x/WiFi. Perhaps something environmental as well introduced here.
edit: just a note that I've been using -bool YES/NO to control state
defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
Posted on 12-22-2015 10:34 AM
A few months ago, we used 802.1x with username/password and had similar problems. In addition, waking up after sleep caused the WiFi to fail in nearly all cases. Along with other problems, we decided to switch to certificate-based EAP-TLS authentication. All the problems we had were instantly gone with this.
BTW, using "YES" or "true" in the defaults command is the same. You can use either of them.
Posted on 12-22-2015 10:59 AM
When you were seeing issues with 802.1x, did you ever notice the config profile fail to load/register at the Login Window (e.g. the Network Interface selection doesn't appear ... only User/Password fields)? That's new to us.
Reconnect on sleep went away for us with 10.11.x. Only took an OS release cycle.
YES/true NO/false ... yeah, shouldn't matter. I probably had a typo at one point and became superstitious. :)
Posted on 12-22-2015 11:07 AM
No, this is new for me too. There were only issues with the connection itself.
Posted on 12-23-2015 07:40 AM
Do you have any documentation or write up on going cert based? Do you mean device cert based? Or?
Thanks in advance.
Posted on 12-23-2015 07:45 AM
@bwiessner: Yes, we are using machine AD certificates. There is good documentation on afp548:
https://www.afp548.com/2012/11/20/802-1x-eaptls-machine-auth-mtlion-adcerts/