Need help with 802.1X wireless profile

tak10
Contributor II

I have minimal knowledge with this topic and I would like some help on this. Currently, our Macs are on AD bind but manually configuring wireless. I would like to get to the point for Macs to use AD login credentials for Wireless login. How and What type of information do I need? Here is the details I have so far.

Security: WPA/WPA2 Enterprise
Authentication: PEAP (MSCHAPv2)
Certificate received from CA when connecting manually to SSID.

I'm using the Configuration Profiles on JSS to create the profile but it doesn't seem to work. Which options should I enable/disable to make this work?

This is what I have so far.
Auto Join: Checked
No Proxy
Security Type: WPA/WPA2 Enterprise
Use as a Login Window configuration: unchecked
Accepted EAP Types: PEAP
Use Directory Authentication: Checked Outer Identity: None
I have the Trusted Certificates uploaded from our CA server that received when I connect to SSID manually.

I am unclear on what "Use as a Login Window Configuration" and "Outer Identity", if someone can explain this to me.

Thanks in advance.

5 REPLIES 5

donparfet
Contributor

The easy questions first:
"Use as a Login Window Configuration" facilitates authentication at the login prompt to the wireless network (by default, wireless is disabled until after login)
"Outer Identity" would be used if you are able to authenticate through a firewall from outside your network I believe.
I will attach screen shots of how we configured our wireless login profile. We did have to capture and include certificates for our wireless network required to connect (we extracted those from the keychain of a test system after authenticating to wireless)
09da2ea3e21c4484b39ed100843f9658
c112ced89e1e44ea84a6c386bd217fe5
72d0253ef3b74f6297808341978c9689

tak10
Contributor II

Thanks Don, I will try this out.

tak10
Contributor II

I finally got around to setting up the configuration manager on JSS and now this is not working like Mac OS X server. I don't have the "Use Directory Authentication" option. Anyone know why?

8bdf9937a2c841b7a5a7f906049b0ad9

pat_best
Contributor III

What you see there is an user profile for wifi, if you want the directory authentication piece, you need to go to the general tab and select computer profile.

tak10
Contributor II

Oh ok got it. Thanks a lot.