Posted on 04-23-2015 01:32 PM
We're starting to toy around with DEP and iPad support. At the moment, we have it configured so that during the initial setup, they need to authenticate with LDAP credentials. After they finish the initial setup pages, the iPad gets the configurations for setting up their e-mail and the wireless network. These have their username pulled from LDAP and set to auto-fill where appropriate. The user ends up only having to enter their password a few times and then they're good to go.
I'm looking to simplify the user setup even more. Is there any way I can change the configuration profiles to use the password entered at authentication when those two profiles are added? That way they only have to log in the one time for it to register the device and configure their email and wireless. This isn't a mandatory thing, but it would definitely be helpful.
Posted on 04-24-2015 04:31 AM
Take a look at page 483 of the admin guide. You can get close. There are a number of $VARIABLES you can put into configuration profiles that pull data from the User & Location fields in Casper's inventory. Password is not supported but much else is.
Posted on 04-24-2015 06:05 AM
If your Mac is bound to AD and you select Kerberos during the Outlook setup, and your Exchange server is indeed configured for Kerberos authentication, it should just work.
Posted on 04-24-2015 06:07 AM
Oh, sorry, I see these are iOS devices. There is probably a way to get Kerberos set up on them as well; I just would not know how.
Posted on 04-24-2015 07:48 AM
@psliequ, that's how we currently have it set up. It works perfectly...I'm just seeing if we can simplify it even further.
Posted on 04-24-2015 08:37 AM
The most elegant solution is to get away from username & password authentication. If you can move to certificate-based authentication for your infrastructure you can use SCEP/NDES/AD Certificate to get certs on the device and then set up your profiles to use those. A big bonus there is that if you get your VPN authentication to be certificate-based, you get VPN-on-demand functionality where iOS will auto-detect the need to flip on VPN when reaching resources on your corporate network. Very nice user experience.
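The approach described above, as an added example that is not from the original post or from JAMF: a Python generator for a configuration profile in which a SCEP payload requests a device identity and the Wi-Fi payload references that identity for EAP-TLS, so no password is stored or prompted. The SSID, URLs, CA name, challenge and identifiers are constructed placeholders, and `$USERNAME` is assumed to be one of the MDM's supported payload variables.

```python
import plistlib
import uuid


def _base(ptype, suffix, org_id):
    # Keys that the profile and every payload inside it must carry.
    return {
        "PayloadType": ptype,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.{suffix}",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": suffix,
    }


def build_profile(ssid, scep_url, radius_name, org_id="com.example"):
    # SCEP payload: the device generates a key pair and enrolls for a cert.
    scep = _base("com.apple.security.scep", "scep", org_id)
    scep["PayloadContent"] = {
        "URL": scep_url,
        "Name": "EXAMPLE-CA",                 # placeholder CA name
        "Subject": [[["CN", "$USERNAME"]]],   # assumed MDM variable
        "Challenge": "PLACEHOLDER-CHALLENGE", # enrollment secret, keep private
        "Key Type": "RSA",
        "Keysize": 2048,
        "Key Usage": 5,  # 1 = signing, 4 = encryption, 5 = both
    }

    # Wi-Fi payload: EAP-TLS only, authenticated with the SCEP identity.
    wifi = _base("com.apple.wifi.managed", "wifi", org_id)
    wifi.update({
        "SSID_STR": ssid,
        "HIDDEN_NETWORK": False,
        "AutoJoin": True,
        "EncryptionType": "WPA2",
        "EAPClientConfiguration": {
            "AcceptEAPTypes": [13],  # 13 = EAP-TLS, no password methods
            "TLSTrustedServerNames": [radius_name],  # pin the RADIUS server
        },
        # Links this payload to the identity issued through the SCEP payload.
        "PayloadCertificateUUID": scep["PayloadUUID"],
    })

    profile = _base("Configuration", "passwordless-wifi", org_id)
    profile["PayloadContent"] = [scep, wifi]
    return profile


def to_mobileconfig(profile):
    # Serialize to the XML plist form used by .mobileconfig files.
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)
```

The same `PayloadCertificateUUID` reference is how other payloads in a profile can point at the issued identity.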
Posted on 04-24-2015 10:55 AM
@jarednichols Funny you should mention this. I've been talking to our AD sysadmins and our JAMF account manager trying to figure out how to use NDES/SCEP in this way. The problem is that documentation is scarce. My Google-fu is failing me here. Is there anywhere that this configuration is documented? Please point us in the right direction.
Posted on 04-24-2015 11:37 AM
I'm with you, @jescala; this is a great idea. If you find anything, report back. I'd love to work with this too!