Pass Login Window Credentials to WiFi (PEAP Authentication)

New Contributor


We are trying to setup our Macs to authenticate against Active Directory over WiFi (with PEAP authentication).

We would like a new user to be able to login to the Mac without having to connect an Ethernet cable.

We have a configuration profile setup via Casper with the following:
Auto Join: Checked
Use as a Login Window configuration: Checked.
Use Directory Authentication: Checked.

The wireless network appears as an option at login but a new user is still unable to login to the Mac. If a user that already has a user account logs in, they are able to get in but they will be unable to connect to WiFi.

Additionally, we have FileVault enabled and we do not want users to have to login twice.

Does anyone have any experience or thoughts on the best way to go about doing this?



New Contributor III

I would check the Trusted Server Certificate names setting. Most of the time when I've had trouble it has been related to that. Is your network team able to see the Mac trying to authenticate?

New Contributor III

Are you running Sierra? The reason I ask is that we have virtually the same situation as yours, and have had the same issue with new Macs running MacOS 10.12.2. We use a .mobileconfig file to appiy the same settings you mentioned. The .mobileconfig file works fine on machines running Mac OS 10.11.6, but not on our Sierra machines. (Even though the .mobileconfig file was created on a machine running MacOS Sierra and the latest version of MacOS Server!) The Trusted Server Certificate name is correct, and like you said, if you already have an account, once you're logged in, you still can't get WiFi to work. (However, if you are logged in as an admin, remove the profile in System Preferences and set up WiFi manually, it will work.) I've been fighting this for a few days and haven't made any progress, so if anyone has any ideas, we'd love to hear them!

New Contributor

Anyone able to find a fix for this?