WiFi 802.1x reconnect issue after waking from sleep

jlong
New Contributor II

We recently acquired one of the new MacBook's in our environment, and due to the USB-C port opted to manually configure it rather than image, as our imaging method only works via ethernet at the moment. For some reason the laptop would not reconnect via WiFi after waking the computer from sleep. Specially the 802.1x component failed to reconnect (we use PEAP in our environment).

The user of the computer is technical and was trying to use AppleScript to automatically reconnect, but could not find a way to specify the "Connect" button in Network Preferences. Modifying a script I found here, this worked for him. He suggested I pass it along as we came across others in the wild with a similar problem, and the link listed above was a little tricky to find. Hope someone finds it helpful.

do shell script "/usr/sbin/networksetup -setairportpower en0 on"
delay 2
tell application "System Preferences" activate reveal pane id "com.apple.preference.network" reveal anchor "Wi-Fi" of pane id "com.apple.preference.network"
end tell
tell application "System Events" tell window 1 of process "System Preferences" click button 2 of group 1

if title of button 2 of group 1 begins with "Connect" then

click button 2 of group 1 end if end tell
end tell

50 REPLIES 50

uurazzle
Contributor II

One idea on a workaround is to use crankd to detect an wake or network event and reconnect to the wireless, it’s part of the PyMacAdmin set of tools <https://github.com/nigelkersten/pymacadmin>. We are doing something similar on another project for a kiosk that we might be able to use on this issue.

I will post if we come up with anything useful.

nobozo
New Contributor

I just switched to a Radius-as-a-Service company. The wireless network that used to work fine with WPA2-Personal now uses WPA2-Enterprise and authenticates fine, but I'm now experiencing the same kind of dropouts when waking from sleep that others in this thread have mentioned.

I just installed OSX 10.11.1, which came out yesterday, but I don't know yet if this made a difference. I'm still gathering data.

This is not a problem I was expecting when switching to Radius.

uurazzle
Contributor II

Here is our reconnect script:

https://github.com/univ-of-utah-marriott-library-apple/802.1x_reconnect

Which is a workaround the issue.

tcam
Contributor

Have you tried modifying the sleep behavior of the computer?

IE: Policy on enrollment complete process pmset -c sleep 0 displaysleep 180 disksleep 180 womp 1 networkoversleep 0

nobozo
New Contributor

I've been fooling around with 10.11.1 and things seem much better. I don't have enough data yet to say things are fixed but it's looking good.

Jon

kidtrebor
New Contributor

Hi,

Was any fix for this problem ever identified? We have an 802.1x WPA2 Enterprise wireless network with Windows Server 2012 RADIUS server and Wi-Fi auto-login pushed to the login screen of our Macbooks by Casper configuration profile, exactly as described above, and are seeing the same issues.

We have had reports of the issue happening after waking from sleep and during use so not 100% sure of the trigger. Also worth noting that our Macbooks lock when put to sleep, so the password has to be entered.

The problem only happens on 802.1x with these laptops - staff's own Macbooks are fine; iPads are fine, mobile phones of all kinds, etc.

Macbooks are 10.11.6 El Capitan.

I've done a small testing sample with 10.12.1 Sierra, but haven't been able to reproduce. Interestingly the prototype doesn't lock the screen when it goes to sleep.

Regards,
Robert

kidtrebor
New Contributor

Hi,

I have been doing further research on our RADIUS server and observed that on a small number of occasions our laptops send machine credentials rather than user credentials - these authentication requests are rejected, as the computer objects are not permitted to authenticate based on any policy we have. I have a theory that this might be causing the issues we are seeing and plan to implement a work-around policy to permit the Domain Computer credentials to test the theory out.

This isn't an ideal solution though, as we have different SSIDs for different groups of users and such a solution could accidentally allow the wrong user onto the wrong SSID. Does anyone have any idea why the Macbooks would be doing this?

Regards,
Robert

jrserapio
Contributor

@kidtrebor I am running into this as well, but using Cisco for 802.1x instead of Windows. In my scenario, you would have to click on the network you want to join. Worked ok in Yosemite. Testing with Sierra now, ill report if I find anything useful.

kidtrebor
New Contributor

@jrserapio - not quite sure what you mean by having to click on the network - that's from the desktop or the login screen? If the latter that's also what we're doing. Suppose this could be an incompatibility/issue between Casper and Windows Server?

Regards,
Robert

bdelamarche
New Contributor III

Hi all some of you had experience with macOS 10.14.4 regarding this subject ?

willjdaniel
New Contributor II

@bdelamarche Yes, but with ethernet 802.1x not Wifi.