MacOS DEP over Eduroam

Slawford
New Contributor III

Hi Friends ,

We are now doing most provisioning using DEP and we have a JSS in the DMZ so clients can go through the process no matter where they are located . One problem we have is when the the user is going through the Welcome Wizard process on their MacBook , select the Eduroam network , it only asks for a password and not the username ... so cant proceed . I have confirmed with the network team that we have eduroam auth set to 802.1X authentication using TTLS . Is anyone successfully connecting to eduroam while going through the Apple Welcome wizard ?

Process works for iPad but have confirmed iOS WiFi requirements are a bit different for this to work .

8 REPLIES 8

Look
Valued Contributor III

iOS recently moved to allowing user:password authentication during Setup, previously you couldn't do that over Eduroam either, macOS still does not, I doubt DEP over Eduroam is going to be possible until that happens.

Slawford
New Contributor III

@Look 10.12 at least supports it , http://help.apple.com/deployment/macos/#/ior5e0df8ab7

Look
Valued Contributor III

@Slawford "The macOS Setup Assistant supports 802.1X authentication with username and password credentials using TTLS or PEAP."
YAY!
About time to, our entire Wi-Fi infrastructure is all user authenticated and it has been a real pain not being able to connect during Setup.
I figured it was on the way given it appeared in iOS a couple of versions ago.

davidhiggs
Contributor III

@Look It really went under the radar, I only came across it by chance when doing some testing on our dev wifi network.

@Slawford We're using Cisco here. Ask your network team if you have both WPA1 and WPA2 PSK enabled (for legacy reasons). We found that when both are enabled for the SSID, it will cause the problem you're seeing. Either one can be enabled independently, just not together. If you have a dev network available for testing, ask them to duplicate your production SSID and remove WPA1. Let me know how you go!

Slawford
New Contributor III

@davidhiggs thanks champ , does look like that's how things are configured here , will make a change in dev and see how we go :)

Look
Valued Contributor III

Likewise, we still have WPA1 enabled, will test when I get another DEP device available.

Slawford
New Contributor III

Yep that did the trick! Thanks Mate :)

davidhiggs
Contributor III

@Slawford Awesome to hear, no worries at all! Good luck @Look