Posted on 04-20-2015 06:54 AM
The JSS is sending the configuration profile to the mac but no Identity preference or 802.1x Password is being generated in keychain
We have the same configuration for Wifi and this is working fine we are running 9.61 in our live environment but I have upgraded the test pallor to 9.65 and 9.7 without success
Our config is using TLS and a machine certificate generated dynamically by our MS SCEP server so adding this manually makes this a little difficult.
Posted on 04-20-2015 07:54 AM
Hi, does the machine cert get created ok and added to the keychain? Could you add a screenshot of your profile, perhaps with sensitive info removed?
Posted on 04-20-2015 08:05 AM
Hi @davidacland
Cert is created fine just missing the Identity preference and 802.1x Password in the system keychain
Posted on 04-20-2015 08:06 AM
)
Posted on 04-20-2015 10:02 AM
To get around the JSS issues we were having with 802.1x Ethernet Profiles, we just make our Profiles the Server app and import into the JSS. Make sure to sign them so they are read only before importing into the JSS. For some reason when we did not sign them they would get modified by the JSS and not work anymore.
I hope this helps.
Posted on 04-20-2015 11:17 AM
Configuration profiles are just xml documents that specify preferences. I found, when creating them on the JSS, that many more preferences were specified than I actually wanted to control. Basically, if you want to set one preference contained on a "page" of preferences, all of them get set. That is true if you create them in the JSS or upload them unless, as @Jedberg points out, they are signed before uploading.
If you don't need to use payload variables within your configuration profiles, which I believe are parsed, signed and delivered per device, I would suggest creating custom configuration profiles using Apple's Server application or hand-modifying them using a text editor. Sign them, and then upload them into your JSS infrastructure for delivering. This ensures that you won't start accidentally delivering configuration settings to your fleet that you weren't intending to. On the other hand, you are taking a degree of control over from the Casper Suite so you might not get added benefits as things change "automatically".