I'm working on a new .mobileconfig file to distribute 802.1x settings.
I can make this work in a file built by ProfileManager, but when I build what appears to be the same thing on my JSS and load it on a test box, I'm getting "Acquired: cannot prompt for missing user name" from eapolclient in console.app.
I want to compare the two mobileconfig files, so I converted the PM file with plutil:
>>plutil -convert xml1 PMFile.mobileconfig
When I try to convert the JSS-generated file:
>>plutil -convert xml1 JSSFile.mobileconfig JSSFile.mobileconfig: Property List error: Unexpected character 0 at line 1 / JSON error: JSON text did not start with array or object and option to allow fragments not set.
Is there a way to get a standard Property List file from the JSS? (I can't convert to JSON either).
Solved! Go to Solution.
That's a good thought, but in this case, we have "Use Directory Authentication" checked, so we have only the "Outer Identity" field, where I'm using %AD_ComputerID% , which we've used on our previous configuration profiles successfully -- we usually see something like "eapolclient: System Mode using OD account 'CONTOSOMacADName$' ."
JAMF Support was able to explain this -- the configuration profile is signed with the JSS profile, which is why it won't convert and can't be directly read.
You can import the profile into iPhone Configuration Utility, remove the code signing, and export to view all or most of the settings. I say "all or most" because some properties aren't supported by iPCU, which tells me it's going to remove them. I haven't confirmed that it does this yet.
This is a minor update to an old topic, addressing a typo in @dpratl 's command and piping the output through xmllint to "prettify" it for easier human readability. This dumps an .xml file in the same path as the original .mobileconfig:
security cms -D -i MyProfile.mobileconfig | xmllint --pretty 1 - > MyProfile.xml