Our wireless is set up as EAP-TLS with computer certificates issued by our CA. We are doing this using a profile issued by the JSS. (RPC call to the CA to pull the cert, then SSID and such set to use that cert). I am running into an issue where the profile installs properly, and pulls down a valid certificate, and creates the entry in the system keychain for the wireless connection, but the wireless doesn’t really ever connect. I was looking through settings a bit, and found that raspberry (our SSID) never shows up in the preferred networks list.
Have you guys ever seen this? Any idea why this may be? It was working well until like a week or so ago (I’m only seeing the issue on machines that are newly imaged, or that we have had to re-push the profiles down to). If i manually set up the wireless connection, it works on a per-user basis, but not on the computer level.
Not sure, we do ours all by script: get a kerberos ticket for the system, request a cert from the CA, re-encode it, shove that into a custom pre-built configuration profile which gets echoed to a .mobileconfig file, then install with the profiles command.
I personally don't like having the JSS manage profiles, I lose a lot of control over the process and it's hard to track down bugs (JSS or OS). Just my two cents. I've never seen the missing SSID issue you described but it sounds like a profile payload issue.