Network settings configuration (WIFI Configuration - 802.1X Fails on macOS)

mani2care
Contributor

I have configured the network settings and deployed to 250 device and 60 % of device its got success and wifi is auto connected (certificate - certroot A) and no issue and only 40 % of device is having issue (certroot B) and not getting conneted and getting below error all the time.

once thing i noted without network settings its working fine user able to connect the wifi only when i apply that certificate and network settings its getting below error & certificate is valid and same i am using in jamf for the deployment & its trusted in jamf aswell.

2024-04-19 13:53:35.239211+0200 localhost eapolclient[8831]: [com.apple.eapol:Client] en0 START uid 501 gid 20
2024-04-19 13:53:35.275909+0200 localhost eapolclient[8831]: [com.apple.eapol:Client] EAP identity privacy is not required
2024-04-19 13:53:35.281989+0200 localhost eapolclient[8831]: [com.apple.eapol:Client] en0: 802.1X User Mode
2024-04-19 13:53:35.546909+0200 localhost eapolclient[8831]: (EAP8021X) [com.apple.eapol:Client] output handler received message_length: [154], is_complete:[false]
2024-04-19 13:53:35.546931+0200 localhost eapolclient[8831]: (EAP8021X) [com.apple.eapol:Client] [output_handler]: updated handshake status to [errSSLWouldBlock]:[-9803]
2024-04-19 13:53:35.637896+0200 localhost eapolclient[8831]: (EAP8021X) [com.apple.eapol:Client] trust exception not applied, trust settings not applied
2024-04-19 13:53:35.640513+0200 localhost eapolclient[8831]: (EAP8021X) [com.apple.eapol:Client] SecTrustEvaluateWithError failed, Error Domain=NSOSStatusErrorDomain Code=-67602 "“IT-S-RAD.XXX.com” certificate name does not match input" UserInfo={NSLocalizedDescription=“IT-S-RAD.XXX.com” certificate name does not match input, NSUnderlyingError=0x13a9114e0 {Error Domain=NSOSStatusErrorDomain Code=-67602 "Certificate 0 “IT-S-RAD.XXX.com” has errors: Trusted EAP hostname does not match name(s) in certificate;" UserInfo={NSLocalizedDescription=Certificate 0 “IT-S-RAD.XXX.com” has errors: Trusted EAP hostname does not match name(s) in certificate;}}}
2024-04-19 13:53:35.640539+0200 localhost eapolclient[8831]: (EAP8021X) [com.apple.eapol:Client] server certificate not trusted status 1001 -9807
2024-04-19 13:53:35.640582+0200 localhost eapolclient[8831]: (EAP8021X) [com.apple.eapol:Client] output handler received message_length: [7], is_complete:[false]
2024-04-19 13:53:35.640594+0200 localhost eapolclient[8831]: (EAP8021X) [com.apple.eapol:Client] [output_handler]: updated handshake status to [errSSLWouldBlock]:[-9803]
2024-04-19 13:53:35.640704+0200 localhost eapolclient[8831]: [com.apple.eapol:Client] en0 EAP-TLS: authentication failed with status 1001
2024-04-19 13:53:35.645405+0200 localhost eapolclient[8831]: [com.apple.eapol:Client] State=Held Status=SecurityError (1001): errSSLXCertChainInvalid (-9807):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AdditionalProperties</key>
<dict>
<key>TLSServerCertificateChain</key>
<array>
<data>
MIIGqTCCBJGgAwIBAgITHQAC9XiFH3YX5Tno/AAFAAL1eDANBgkq
hkiG9w0BAQsFADBwMQswCQYDVQQGEwJDSDEPMA0GA1UECBMGWnVy
aWNoMQ8wDQYDVQQHEwZadXJpY2gxJDAiBgNVBAoTG0FCQiBJbmZv
cm1hdGlvbiBTeXN0ZW1zIEx0ZDEZMBcGA1UEAxMQQUJCIElzc3Vp
bmcgQ0EgMzAeFw0yMzA0MTIxMjIwMDZaFw0yNTA0MDExMjIwMDZa
MGQxCzAJBgNVBAYTAkNIMQ8wDQYDVQQHEwZadXJpY2gxIjAgBgNV
BAoTGUFCQiBBc2VhIEJyb3duIEJvdmVyaSBMdGQxIDAeBgNVBAMT
F0lULVMtUkFEMDAwMy5pdC5hYmIuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEArcW8wIT8lZPXs8iAt4x9U6GjXJ16
xPuCGzWcEOERahE6mTn+VHcgyodyP0wsR1D2lRpqyW2DNlUX8
MALObl5mYZkJ1NBuxP6FaDxz+M/pnkXrQqxJIFs8ipa7ArpHGD6z
J6Ag5fo5QTqFITIUAp5nW90fjeYi5HyH9SB3VxIczO5<…>
2024-04-19 13:53:37.088668+0200 localhost eapolclient[8831]: [com.apple.eapol:Client] en0 STOP
0 REPLIES 0