Posted on 06-11-2014 03:41 PM
Hello All -
I'm working with a Steel-Belted Radius server + AD Authentication for wireless. I've set up the following:
- Hidden Network / Auto Join
- Security Type: WPA / WPA2 Enterprise
- Use as a Login Window configuration (does this pass login creds for authentication? Computers are domain joined and users log in with domain creds.)
- Protocols: TTLS
- Username/Password BLANK (users need to auth with their own creds. I filled mine in and tested to confirm the profile works)
- Inner Authentication: MSCHAPv2
- Outer Identity: $COMPUTERNAME
Problem:
The network doesn't auto join. If I manually select the network I get an error: The Wi-Fi network "my network" could not be joined.
As soon as I fill in the username and password field within the configuration profile the computer(s) auto join without an issue. So I'm assuming that is the missing piece here. How do I get this to automatically pass the current user's credentials? Or worst case... manually input them?
Posted on 06-12-2014 09:41 AM
In a configuration profile, combine your certificates and 802.1x settings together. This allows you to select your authentication protocols and your certificate trust settings. You are correct that an AD-bound Mac with a login window 802.1x profile will pass the user login credentials into your wireless profile. I am not sure why you see a name and password field when using a login window profile, as those should go away once you click that box. What version is your JSS?
Posted on 06-12-2014 12:13 PM
Leave the username and password fields blank. You don't need them since the credentials used for logging into the computer are going to be used for authentication.
Posted on 06-12-2014 01:14 PM
Thank you both for the feedback. I'm still learning the UI =)
In this case it was just a matter of clicking the Trust toggle and checking the box for my certs as pat suggested. Authentication is now solid!
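The two points settled in this thread (server trust configured in the same profile as the 802.1X settings, and no credentials stored in a login window profile) can be checked on an exported .mobileconfig. This is an added example, not part of any post above; the key names are those of Apple's configuration profile format, and the SSID, UUID and credentials in the sample are constructed placeholders.

```python
import plistlib

CERT_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1", "com.apple.security.pem"}

def audit_wifi_profile(profile_bytes):
    """Return findings for the 802.1X Wi-Fi payloads in a .mobileconfig."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    # UUIDs of the certificate payloads shipped in the same profile
    cert_uuids = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in CERT_TYPES}
    findings = []
    for p in payloads:
        eap = p.get("EAPClientConfiguration")
        if p.get("PayloadType") != "com.apple.wifi.managed" or eap is None:
            continue
        ssid = p.get("SSID_STR", "?")
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        # Without an anchor or a trusted server name the RADIUS server is not pre-trusted
        if not anchors and not eap.get("TLSTrustedServerNames"):
            findings.append(f"{ssid}: no trusted certificate or server name set")
        for uuid in anchors:
            if uuid not in cert_uuids:
                findings.append(f"{ssid}: trust anchor {uuid} not in this profile")
        # Login window profiles take the credentials typed at the login window
        if "Loginwindow" in p.get("SetupModes", []) and (
                eap.get("UserName") or eap.get("UserPassword")):
            findings.append(f"{ssid}: credentials embedded in a login window profile")
    return findings

def build_profile(trusted, with_creds=False):
    """Constructed sample profile; SSID, UUID and credentials are made up."""
    eap = {"AcceptEAPTypes": [21],  # 21 = EAP-TTLS
           "TTLSInnerAuthentication": "MSCHAPv2", "OuterIdentity": "host01"}
    if trusted:
        eap["PayloadCertificateAnchorUUID"] = ["CERT-UUID-PLACEHOLDER"]
    if with_creds:
        eap.update(UserName="example-user", UserPassword="example-password")
    wifi = {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "example-ssid",
            "HIDDEN_NETWORK": True, "AutoJoin": True, "EncryptionType": "WPA",
            "SetupModes": ["Loginwindow"], "EAPClientConfiguration": eap}
    cert = {"PayloadType": "com.apple.security.root",
            "PayloadUUID": "CERT-UUID-PLACEHOLDER",
            "PayloadContent": b"constructed placeholder, not a real certificate"}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [wifi, cert]})

if __name__ == "__main__":
    for label, blob in (("trust set", build_profile(True)),
                        ("trust missing", build_profile(False))):
        print(label, audit_wifi_profile(blob))
```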
Posted on 06-12-2014 02:00 PM
Great!! Glad you got it going!
Posted on 09-14-2015 08:01 AM
@bobclements If you don't mind me asking, is your login window set to list users or show name and password field? I haven't been successful with 802.1x authentication and the user list login window yet. Just curious what your setup is. Thanks.