Posted on 05-26-2015 08:40 AM
I have minimal knowledge with this topic and I would like some help on this. Currently, our Macs are on AD bind but manually configuring wireless. I would like to get to the point for Macs to use AD login credentials for Wireless login. How and What type of information do I need? Here is the details I have so far.
Security: WPA/WPA2 Enterprise
Authentication: PEAP (MSCHAPv2)
Certificate received from CA when connecting manually to SSID.
I'm using the Configuration Profiles on JSS to create the profile but it doesn't seem to work. Which options should I enable/disable to make this work?
This is what I have so far.
Auto Join: Checked
No Proxy
Security Type: WPA/WPA2 Enterprise
Use as a Login Window configuration: unchecked
Accepted EAP Types: PEAP
Use Directory Authentication: Checked
Outer Identity: None
I have the Trusted Certificates uploaded from our CA server that received when I connect to SSID manually.
I am unclear on what "Use as a Login Window Configuration" and "Outer Identity", if someone can explain this to me.
Thanks in advance.
Posted on 05-26-2015 10:26 AM
The easy questions first:
"Use as a Login Window Configuration" facilitates authentication at the login prompt to the wireless network (by default, wireless is disabled until after login)
"Outer Identity" would be used if you are able to authenticate through a firewall from outside your network I believe.
I will attach screen shots of how we configured our wireless login profile. We did have to capture and include certificates for our wireless network required to connect (we extracted those from the keychain of a test system after authenticating to wireless)
Posted on 05-28-2015 04:56 AM
Thanks Don, I will try this out.
Posted on 06-09-2015 07:36 AM
I finally got around to setting up the configuration manager on JSS and now this is not working like Mac OS X server. I don't have the "Use Directory Authentication" option. Anyone know why?
Posted on 06-09-2015 08:05 AM
What you see there is an user profile for wifi, if you want the directory authentication piece, you need to go to the general tab and select computer profile.
Posted on 06-09-2015 11:59 AM
Oh ok got it. Thanks a lot.