We are looking at moving from WPA-Personal PSK to WPA-Enterprise 802.1x. We have over 1000 MacBooks running Sierra, Windows 2012 R2, Windows NPS for RADIUS, and a test AP configured for 802.1x. I have set up NPS, created a JAMF profile, and pushed it to a test Mac. Once the profile, with certs, is on the machine, I can go into Settings, Network, click the 802.1x Connect button, and it works.
When I log out, or restart, there is no network till I log into the local account. Once logged in, the 802.1x network comes up and I have connectivity.
Can anyone help me? I have scoured the internet and all answers are useless for getting this done.
It depends on your infrastructure, but we have this working in Sierra with the following settings using Cisco wireless:
In the Network WiFi Payload we use these settings:
- AutoJoin – Yes
- Hidden Network – Yes
- Security Type – WPA2 Enterprise
- Use as a Login Window Configuration – Yes
- Use Directory Authentication – Yes
Then we create an AD "User" that this profile connects to (with a PW that never changes). We isolate these down to rooms, but you could set these accounts up in a way that works for you. Macs don't support genuine AD 802.1x "computer" accounts in the same way that Windows does, creating this hurdle when you're first setting it up.
There could be a way to set this up with certificate-based authentication that doesn't use the method above, but I haven't tested that approach yet. Mine likely isn't very scalable.
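An added example, not part of either post and not Jamf's or Apple's own code: a small audit of an unsigned `.mobileconfig` that reports the two conditions this thread turns on, a Wi-Fi payload that is not set up for System or Login Window mode, and a static account password embedded in the profile. The key names are those of Apple's Wi-Fi payload (`com.apple.wifi.managed`); how the Jamf checkboxes in the answer map onto them is an assumption, and the SSID, account name and password in the sample are constructed placeholders.

```python
import plistlib

# Constructed sample profile (not taken from the thread): a Wi-Fi payload
# roughly matching the answer's settings, with a shared account embedded.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": "com.apple.wifi.managed",
        "SSID_STR": "EXAMPLE-SSID",
        "AutoJoin": True,
        "HIDDEN_NETWORK": True,
        "EncryptionType": "WPA2",
        "SetupModes": ["Loginwindow"],
        "EAPClientConfiguration": {
            "AcceptEAPTypes": [25],  # 25 = PEAP
            "UserName": "room-101-wifi",
            "UserPassword": "placeholder-not-a-real-secret",
        },
    }],
})


def audit_wifi_profile(data: bytes) -> list[str]:
    """Return one finding per issue in each Wi-Fi payload of an unsigned profile."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue
        ssid = payload.get("SSID_STR", "<no SSID>")
        eap = payload.get("EAPClientConfiguration") or {}
        if not eap:
            findings.append(f"{ssid}: no EAPClientConfiguration, payload is not 802.1X")
        # Without System or Loginwindow mode the 802.1X config is user-scoped.
        if not {"System", "Loginwindow"} & set(payload.get("SetupModes", [])):
            findings.append(f"{ssid}: SetupModes has neither System nor Loginwindow")
        # A fixed password in the profile is readable by anyone who obtains the file.
        if "UserPassword" in eap:
            findings.append(f"{ssid}: static password embedded for '{eap.get('UserName')}'")
    return findings


if __name__ == "__main__":
    for line in audit_wifi_profile(SAMPLE_PROFILE):
        print(line)
```

A signed profile is CMS-wrapped and has to be unwrapped before `plistlib` can parse it.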