Issues Trying to Prefill WPA2 Enterprise Username+Cert on Non-Domain Machines

McAwesome
Contributor III

I've been poking around to make the deployment of machines as straightforward as possible. One thing I want to simplify is the wireless setup. The ideal end result is for them to sign in with their local account(specific name created by us), get prompted to sign into the WPA2 Enterprise network(PEAP, standard "username and password" setup), and have the "Username" field pre-filled with the local account's name. When they put their password in, it should not prompt them for the cert(as it's already trusted) and should be good to go.

I can easily make a configuration profile to push the cert, but no username or password. I can also set a particular username and password, but that doesn't really help as it'd be the same on all machines that configuration profile goes to. I can do directory authentication, but that doesn't help at all as the vast majority of devices are not on domain. I can pass the $USERNAME or $3 values, but without an associated password it always fails to connect and prompts OSX to run diagnostics on the wireless. I can figure out the name of the currently logged in user pretty easily, but I can't find any way to pass that information into a wireless configuration profile.

Is there a way to accomplish what I'm going for through the JSS or through some other? It seems like the kind of thing that should be fairly common thing to do since WiFi isn't exactly an exotic thing these days.

1 REPLY 1

mlavine
Contributor

I'd be interested if anyone has figured this out.