Posted on 07-17-2014 04:58 AM
Hi
I have a problem with login over wifi. We use 802.1x with drop down to the local VLAN. Users are in an active directory and we have mobile accounts on Mac computers turned on. When I log in I get authenticated and I get the IP, I can ping, remote control etc. over wifi, so it is in contact with the network. The problem is that it does not log in on the mobile account if it's not already on your computer. If I instead connect the computer with an ethernet cable, everything works as it should. This only happens on 10.9; it works in 10.7 and 10.8. Does anyone have an idea why the computer does not log on and create mobile accounts?
Posted on 07-17-2014 05:58 AM
Are you sure it is actually creating a mobile account? The only times I have seen this was when 10.9 was actually not creating mobile accounts.
Posted on 07-17-2014 06:03 AM
If I log in with an account once with the ethernet cable connected, it works to login with that account over WiFi after that.
Posted on 07-17-2014 06:17 AM
Are you sure that you have connectivity at the login window? It sounds like you don't, and after you log in once you are actually using cached credentials.
Posted on 07-17-2014 06:46 AM
It sounds like you are not connected at the login window and can only log in cached users who have had a mobile account created for them.
How do you connect the Mac to the login window over wifi?
Posted on 07-17-2014 08:15 AM
I'm able to remote control the computer when it's at the login window and only connected to wifi. I can ping and SSH to it and I can see the user auth in the wireless controller. So I'm sure that the computer is connected.
Posted on 07-17-2014 08:19 AM
Can you ping your AD server when connected from WiFi?
Posted on 07-17-2014 10:57 AM
While at the login window, I would SSH in, then open an interactive dscl session and try to browse your active directory forest with DSCL.
Posted on 07-22-2014 06:48 AM
Hi
Had to take care of sick children, so I have not had time to follow this up. But today I'm back and have tested a bit. If I SSH into the computer when it is standing at login and is connected to the wireless network, it does not do DNS lookups, although there are two DNS servers in scutil --dns. The computer cannot even ping its own computer name. Tested that it reached the DNS server, but it did not answer, so it must be a problem with TCP/IP. No more time today, so I may continue tomorrow ...
Posted on 07-22-2014 11:16 PM
This is the weirdest bug I have run into on a Mac. I cannot access anything from the terminal window when the computer is at the login window and is connected over wifi. I cannot even ping my gateway, but I can SSH into the computer from a different subnet and it works. I get the message that no route exists when I ping the gateway, but it is on the same subnet and in the routing table there is a default route through the gateway. Any ideas?
Posted on 07-23-2014 12:04 AM
I would talk to your network administrator and see what kind of rules they have set up.
I'm guessing that because it is 802.1x, you might be connected to the wireless network, but you're not actually authenticated and so you're not authorised to transfer any TCP/IP maybe?
Posted on 07-23-2014 12:32 AM
That's me.
I see that the user attempting to log in makes a correct 802.1x login and gets an IP in the correct subnet. This is the IP I use to SSH into your computer from another subnet. It is this that is fishy: why can I SSH into the computer and the traffic finds its way back, but from the SSH console I cannot ping anything? Our gateway is a router that allows all ICMP; the firewall sits behind the router, so there is nothing there to block ping to the gateway. And it works with an ethernet cable ...
Posted on 07-23-2014 02:42 AM
How did you get the machine to authenticate to 802.1x while at the login window? I have done it in the past with a hand edited configuration profile using a generic AD username/password set to authenticate the machine. Is this what you are doing?
Posted on 08-07-2014 07:37 AM
Back from my vacation... below you can see exactly what my problem is. Any idea what this is? I wonder if it may be ARP that's messed up.
Just wireless connection, connected over SSH from a machine on a different subnet
Got a correct IP through DHCP
ms002527:~ casperuser$ ifconfig en1
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 10:40:f3:a6:eb:48
inet6 fe80::1240:f3ff:fea6:eb48%en1 prefixlen 64 scopeid 0x4
inet 10.11.128.3 netmask 0xfffff000 broadcast 10.11.143.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
Have a default route that points at the gateway
ms002527:~ casperuser$ netstat -f inet -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.11.143.254 UGScI 4 0 en1
10.11.128/20 link#4 UC 0 0 en1
10.11.128/20 link#4 UCSI 4 0 en1
10.11.128.3 127.0.0.1 UHS 0 0 lo0
10.11.130.2 f0:db:f8:33:74:a9 UHLWI 0 0 en1 545
10.11.143.254 0:22:83:d7:e7:c1 UHLWIir 3 2 en1 1110
10.11.143.255 ff:ff:ff:ff:ff:ff UHLWbI 0 1 en1
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 1 0 lo0
169.254 link#4 UCS 0 0 en1
Can't send a packet because no route exists; I have also tested DNS. The route is in the routing table above.
ms002527:~ casperuser$ ping 192.168.7.2 (dhcp server)
PING 192.168.7.2 (192.168.7.2): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
Request timeout for icmp_seq 0
^C
--- 192.168.7.2 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
I can reach the router's IP
ms002527:~ casperuser$ ping 10.11.143.254
PING 10.11.143.254 (10.11.143.254): 56 data bytes
64 bytes from 10.11.143.254: icmp_seq=0 ttl=64 time=1.969 ms
64 bytes from 10.11.143.254: icmp_seq=1 ttl=64 time=3.716 ms
64 bytes from 10.11.143.254: icmp_seq=2 ttl=64 time=3.985 ms
^C
--- 10.11.143.254 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.969/3.223/3.985/0.894 ms
ms002527:~ casperuser$
Ethernet cable and wireless connection on the same network
Confirm ethernet config
ms002527:~ casperuser$ ipconfig getpacket en0
op = BOOTREPLY
htype = 1
flags = 0
hlen = 6
hops = 0
xid = 2580699010
secs = 0
ciaddr = 0.0.0.0
yiaddr = 10.11.130.7
siaddr = 0.0.0.0
giaddr = 10.11.143.254
chaddr = 40:6c:8f:3:4b:90
sname =
file =
options:
Options count is 10
dhcp_message_type (uint8): ACK 0x5
renewal_t1_time_value (uint32): 0x54600
rebinding_t2_time_value (uint32): 0x93a80
lease_time (uint32): 0xa8c00
server_identifier (ip): 192.168.7.2
subnet_mask (ip): 255.255.240.0
router (ip_mult): {10.11.143.254}
domain_name_server (ip_mult): {192.168.6.1, 192.168.6.2}
domain_name (string): mk.se
end (none):
Confirm that wireless has the same credentials and is on the same network as ethernet
ms002527:~ casperuser$ ipconfig getpacket en1
op = BOOTREPLY
htype = 1
flags = 0
hlen = 6
hops = 0
xid = 1900138825
secs = 0
ciaddr = 0.0.0.0
yiaddr = 10.11.128.3
siaddr = 0.0.0.0
giaddr = 10.11.143.254
chaddr = 10:40:f3:a6:eb:48
sname =
file =
options:
Options count is 10
dhcp_message_type (uint8): ACK 0x5
renewal_t1_time_value (uint32): 0x54600
rebinding_t2_time_value (uint32): 0x93a80
lease_time (uint32): 0xa8c00
server_identifier (ip): 192.168.7.1
subnet_mask (ip): 255.255.240.0
router (ip_mult): {10.11.143.254}
domain_name_server (ip_mult): {192.168.6.1, 192.168.6.2}
domain_name (string): mk.se
end (none):
Checking that the routing table has a default route
ms002527:~ casperuser$ netstat -f inet -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.11.143.254 UGSc 13 3 en0
default 10.11.143.254 UGScI 3 0 en1
10.11.128/20 link#4 UCS 1 0 en0
10.11.128/20 link#5 UCSI 2 0 en1
10.11.128.3 127.0.0.1 UHS 0 3 lo0
10.11.130.7 127.0.0.1 UHS 0 1 lo0
10.11.143.254 0:22:83:d7:e7:c1 UHLWIir 14 0 en0 1084
10.11.143.254 0:22:83:d7:e7:c1 UHLWIir 2 0 en1 1084
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 2 12 lo0
169.254 link#4 UCS 0 0 en0
Send a ping to a site on the internet and get a reply.
ms002527:~ casperuser$ ping gp.se
PING gp.se (80.76.155.148): 56 data bytes
64 bytes from 80.76.155.148: icmp_seq=0 ttl=113 time=14.043 ms
64 bytes from 80.76.155.148: icmp_seq=1 ttl=113 time=13.253 ms
64 bytes from 80.76.155.148: icmp_seq=2 ttl=113 time=13.740 ms
^C
--- gp.se ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 13.253/13.679/14.043/0.325 ms
Finally I test sending a ping using the wifi interface when also connected over ethernet cable, and it works. But if I remove the cable it goes bad again.
ms002527:~ casperuser$ ping -b en1 gp.se
PING gp.se (80.76.155.148): 56 data bytes
64 bytes from 80.76.155.148: icmp_seq=0 ttl=113 time=15.462 ms
64 bytes from 80.76.155.148: icmp_seq=1 ttl=113 time=15.458 ms
64 bytes from 80.76.155.148: icmp_seq=2 ttl=113 time=14.848 ms
64 bytes from 80.76.155.148: icmp_seq=3 ttl=113 time=15.146 ms
64 bytes from 80.76.155.148: icmp_seq=4 ttl=113 time=17.533 ms
64 bytes from 80.76.155.148: icmp_seq=5 ttl=113 time=18.089 ms
64 bytes from 80.76.155.148: icmp_seq=6 ttl=113 time=13.932 ms
64 bytes from 80.76.155.148: icmp_seq=7 ttl=113 time=16.449 ms
64 bytes from 80.76.155.148: icmp_seq=8 ttl=113 time=22.238 ms
^C
--- gp.se ping statistics ---
9 packets transmitted, 9 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 13.932/16.573/22.238/2.352 ms
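A check for the routing state shown in the two tables above, as an added example that is not part of the original thread: on macOS the `I` flag in `netstat -rn` output marks an interface-scoped route (RTF_IFSCOPE), and the Wi-Fi-only table contains no default route without it. The function names are hypothetical; the sample rows are copied from the post.

```shell
#!/bin/sh
# Added example (not from the thread): classify IPv4 default routes in
# `netstat -f inet -rn` output by the macOS "I" flag (RTF_IFSCOPE).

# stdin: netstat output. stdout: "<netif> <gateway> scoped|unscoped" per default route.
list_default_routes() {
    awk '$1 == "default" {
        # Case-sensitive match: "I" is RTF_IFSCOPE, lowercase "i" is a different flag
        print $6, $2, ($3 ~ /I/ ? "scoped" : "unscoped")
    }'
}

# stdin: netstat output. Succeeds only if some default route is not interface-scoped.
has_unscoped_default() {
    list_default_routes | grep -q ' unscoped$'
}

# Rows copied from the Wi-Fi-only routing table in the post above.
wifi_only_table() {
    cat <<'EOF'
Destination Gateway Flags Refs Use Netif Expire
default 10.11.143.254 UGScI 4 0 en1
10.11.128/20 link#4 UC 0 0 en1
10.11.128/20 link#4 UCSI 4 0 en1
10.11.143.254 0:22:83:d7:e7:c1 UHLWIir 3 2 en1 1110
EOF
}

# Rows copied from the Ethernet-plus-Wi-Fi routing table in the post above.
both_links_table() {
    cat <<'EOF'
Destination Gateway Flags Refs Use Netif Expire
default 10.11.143.254 UGSc 13 3 en0
default 10.11.143.254 UGScI 3 0 en1
10.11.128/20 link#4 UCS 1 0 en0
10.11.128/20 link#5 UCSI 2 0 en1
EOF
}

for t in wifi_only_table both_links_table; do
    if "$t" | has_unscoped_default; then
        echo "$t: unscoped default route present"
    else
        echo "$t: only interface-scoped default routes"
    fi
done
```

On the Mac itself the same check runs as `netstat -f inet -rn | has_unscoped_default` from the SSH session at the login window.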