Question

Pushing Profiles to Macintosh to do AD computer authentication

  • July 10, 2019
  • 5 replies
  • 47 views


Hi All,

Can we use Jamf Pro to do computer authentication (PEAP) with ISE using Active Directory for Macintosh Endpoints? Is there any KB or article to perform this?

Thanks,

Aravind.

5 replies

  • Contributor
  • July 10, 2019

Hi Aravind,
These might be helpful:
OS X Mavericks: Using advanced Active Directory options in a configuration profile
https://support.apple.com/en-us/HT202834

Working for Apples: A Windows Administrator's Guide to Serving Macs
http://www.peachpit.com/articles/article.aspx?p=430214&seqNum=2

Best Practices for Integrating OS X with Active Directory
http://www.enpointe.com/images/pdf/Integrating-OS-X-with-Active-Directory.pdf

Chris


  • Author
  • New Contributor
  • July 11, 2019

Hi Chris,

Thank you for your response. Can you please provide an article on pushing a network config profile to Macs to do PEAP computer authentication using JAMF? I could not find any articles. In this PDF, http://www.enpointe.com/images/pdf/Integrating-OS-X-with-Active-Directory.pdf,
it says that there is a way to do this using JAMF software.

Thanks and Regards,

Aravind Ravikumar.


  • Contributor
  • July 12, 2019

Yes, this can be done. Where it can get complicated is if you need to use per-computer certificates (complicated), or a single certificate (easier). If you have a .PFX file, you can upload it into a "Certificate" payload in a Configuration Profile (set to Computer scoping), then configure the Network payload with the TLS Protocol, and select the Certificate uploaded in the Identity Certificate selection.

If you need per-computer certificates, it is a bit more complicated as you need to configure the AD Certificate payload, and set the Username to $COMPUTERNAME (err, something like that).

Please use the search here in JN; there are other posts about how to do this that explain it in more of a step-by-step process.


  • Contributor
  • July 12, 2019

https://www.jamf.com/jamf-nation/discussions/27058/eap-tls-certificate-based-wifi-authentication#responseChild160581 for one example.


  • Contributor
  • July 16, 2019

Hi, I agree with @KSchroeder; this is exactly what we have done, with a single certificate.
Mac devices are bound to AD and the AD object is added to a Wireless security group that is part of our RADIUS setup.

Then in Jamf, create a wireless profile, specify the SSID and use computer-based authentication, specifying PEAP / TLS etc., making sure that WPA2 Enterprise, or Enterprise ANY, is used. Then specify your uploaded certificate, scope it out and you should be good to go.
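
Added example, not written by any poster in this thread and not Jamf's own tooling: a Python check that reads an exported configuration profile and confirms the Wi-Fi payload is set up the way the replies above describe (Enterprise network, PEAP or EAP-TLS accepted, identity certificate shipped in the same profile). The payload key names are those of Apple's Wi-Fi and certificate payloads; the SSID, UUIDs and server name are constructed placeholders, and the RADIUS server-trust check goes beyond what the thread covers.

```python
import plistlib

EAP_TLS, EAP_PEAP = 13, 25  # EAP method numbers as listed in AcceptEAPTypes
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.ADCertificate.managed"}

def lint_wifi_profile(data: bytes) -> list[str]:
    """Return findings for each Wi-Fi payload in a .mobileconfig plist."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in IDENTITY_TYPES}
    findings = []
    for p in payloads:
        if p.get("PayloadType") != "com.apple.wifi.managed":
            continue
        ssid = p.get("SSID_STR", "<no SSID>")
        eap = p.get("EAPClientConfiguration")
        # Enterprise (802.1X) means an EAP block plus a non-legacy encryption type.
        if eap is None or p.get("EncryptionType") in ("None", "WEP"):
            findings.append(f"{ssid}: not a WPA2/Any Enterprise network")
            continue
        types = set(eap.get("AcceptEAPTypes", []))
        if not types & {EAP_TLS, EAP_PEAP}:
            findings.append(f"{ssid}: neither PEAP nor EAP-TLS is accepted")
        # EAP-TLS needs an identity that ships in the same profile.
        if EAP_TLS in types and p.get("PayloadCertificateUUID") not in identities:
            findings.append(f"{ssid}: identity certificate payload is missing")
        # Without pinned trust the client has no fixed RADIUS identity to verify.
        if not (eap.get("TLSTrustedServerNames") or eap.get("PayloadCertificateAnchorUUID")):
            findings.append(f"{ssid}: RADIUS server trust is not pinned")
    return findings

def sample_profile(with_identity=True, pin_server=True) -> bytes:
    """Constructed sample; SSID, UUIDs and server name are placeholders."""
    eap = {"AcceptEAPTypes": [EAP_TLS]}
    if pin_server:
        eap["TLSTrustedServerNames"] = ["radius.example.test"]
    content = [{"PayloadType": "com.apple.wifi.managed", "PayloadUUID": "WIFI-PLACEHOLDER",
                "SSID_STR": "CorpWiFi", "EncryptionType": "WPA2",
                "EAPClientConfiguration": eap,
                "PayloadCertificateUUID": "IDENTITY-PLACEHOLDER"}]
    if with_identity:
        content.append({"PayloadType": "com.apple.security.pkcs12",
                        "PayloadUUID": "IDENTITY-PLACEHOLDER",
                        "PayloadContent": b"constructed, not a real PFX"})
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": content})

if __name__ == "__main__":
    for finding in lint_wifi_profile(sample_profile(with_identity=False, pin_server=False)):
        print(finding)
```

To check a real profile, pass the bytes of the unsigned `.mobileconfig` file to `lint_wifi_profile`; an empty list means none of the three checks fired.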