- Jamf Nation Community
- Products
- Jamf Pro
- OSx and DEP Wi-Fi question
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
OSx and DEP Wi-Fi question
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-04-2017 07:20 AM
Hi, i've been imaging apple computers using Deploy Studio, however rumors running around that might be impossible in the near future i've started looking at DEP even for OSx (already running it on iPads).
However i've run in to a bit of a problem, since my organisation does not allow open wifi's and uses 802.11x certificates to authenticate to the wifi you might understand the problem with running "setup assistant" for enrollment.
On iPads i've been able to install the certificate configuration profiles over apple configurator without completing setup assistant (allowing students to complete enrollment with their credentials and get the device automatically tagged to their AD account in MDM)
This does not seem to work for me on OSx, even when i tried imaging and installing the configuration profile with all the certs + wifi data and resetting the assistant (rm /var/db/.AppleSetupDone) it still wont connect to the Wi-Fi during setup assistant (system profiles ofcourse not user profiles)
anyone got any ideas?
(earlier all the certificate deployments have been done during imaging while on ethernet, however i can't bring ethernet to all the classrooms during school start)
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-04-2017 07:39 AM
we run a similar setup. As part of the setup wizard, we connect to our wifi ssid manually (requires accepting the certs). Then have a config profile scoped to the dep wifi group that comes down during the setup enrollment process. The thing to remember is that jamf's current iteration of DEP doesn't have a wait for setup complete (see this feature request).
So our workaround is to wait for about 90 seconds on a setup wizard screen (ours is the time zone since we turn off the others) before clicking through to the end of the setup wizard. That allows the certificates and wifi profile to come down so you can login.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-04-2017 07:52 AM
I'm in the same boat. I found that it won't work unless I make people hold tight at the Time Zone screen for a minute or so.
In fact I submitted a Feature Request like just last week. So go up vote this! https://www.jamf.com/jamf-nation/feature-requests/6263/configure-wifi-with-prestage-enrollment-for-c...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-04-2017 08:41 AM
Same here. In our testing we are also seeing the need to wait for couple of minutes after manually connecting to WiFi. We are also seeing that if you configure certs in the pre-stage enrollment then the machine no longer connects to MDM server at setup assistant reliably. Working with support now to see if this is a bug or are we not using it properly. Will update......
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-04-2017 09:04 AM
@jwojda , do you just tell your end users to wait? Is there a way to force them to wait?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-04-2017 09:08 AM
I haven't forced them to wait, just documentation.
We have a deployment group that does the initial setups for now, even they forget once in a while, until jamf integrates the
await_device_configuredkey in its enrollment profile along with the
DeviceConfiguredcommand, that's going to be the best we can do.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-04-2017 01:52 PM
I agree with everything said here.
I have spoken with Jamf about the wait but they don't seem interested in implementing it. I know other MDMs have it on both macOS and iOS.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-04-2017 02:22 PM
By the way there's also this feature request that might overlap what I posted earlier and help and it's a lot more popular, soooo it might actually get done.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-08-2017 07:25 AM
So there is no way circumventing a manual setup unless you have an open Wi-Fi setup, dosen't feel like the zero touch which DEP promises.
Let's hope they never break imaging then, otherwise mac setup times will take much longer.
The whole point was that i wanted to have the users complete the enrollment and automatically bind the computers to their AD account in the MDM, and since i cant get the Wi-Fi certificate on the mac before the MDM enrollment process is done (or well the setup assistant ignores the profiles present in the background anyways) i'm stuck.
i should also note that my organisation won't pay for jamf however much i want it, so i have to find other ways. (currently intune on the horizon for all devices in the organization)
