Posted on 01-15-2014 01:08 PM
Hi - been wrestling with this. We have Windows 2k8 R2 AD as our RADIUS server. I would like our Macs to boot up and pass the user login credentials that they input in the login window to the RADIUS server and authenticate to the network. We currently have a Configuration profile pushed out to clients using WPA2 enterprise but the user has to log in first then they are prompted to enter their domain credentials. They successfully log in when the laptop is plugged into the network via cable. I would like to have this done wirelessly.
I hope this makes sense.
Posted on 01-15-2014 02:18 PM
Why not just have the computer authenticate with its AD computer record? Then the computer is authenticated as soon as it boots up and no need to wait for a login to occur.
Posted on 01-15-2014 04:38 PM
We've had the same issue as well. Here's how I got around it.
This isn't really usable for a lab environment as it uses a fixed username for the profile, so it's not going to be exactly what you need, but it's as close as I've gotten recently. Build a wireless profile in IPCU with all the settings you need and a valid certificate and export it. Open it up in TextEdit and trim the junk out, then add a few values.
Under the value of
<string>Manual</string>
<key>SSID_STR</key>
<string>YOURNETWORKNAME</string>
add these lines
<key>SetupModes</key>
<array>
<string>System</string>
</array>
Now move down to the bottom of the document and under the value of
<key>PayloadVersion</key>
<integer>1</integer>
add these lines
<key>PayloadScope</key>
<string>System</string>
Save it and exit, and double-click to install it under Profiles in System Preferences, then test it.
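The two edits described in the post above, applied and then checked with a script. This is an added example, not part of the thread. It assumes the exported profile is an unsigned XML plist whose Wi-Fi payload uses the PayloadType com.apple.wifi.managed; the function names and the sample profile are constructed for illustration.

```python
import plistlib

WIFI_TYPE = "com.apple.wifi.managed"  # assumed payload type of the exported Wi-Fi payload

# Constructed sample standing in for an exported, unsigned profile; not a real export.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.wifi",
    "PayloadContent": [{
        "PayloadType": WIFI_TYPE,
        "PayloadVersion": 1,
        "SSID_STR": "YOURNETWORKNAME",
    }],
})


def set_system_mode(profile_bytes, ssid):
    """Add SetupModes=[System] to the matching Wi-Fi payload and
    PayloadScope=System at the top level, as the post describes."""
    profile = plistlib.loads(profile_bytes)
    matched = 0
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == WIFI_TYPE and payload.get("SSID_STR") == ssid:
            modes = payload.setdefault("SetupModes", [])
            if "System" not in modes:  # keep the edit idempotent
                modes.append("System")
            matched += 1
    if matched == 0:
        # Refuse to emit a profile that would silently stay user-scoped.
        raise ValueError(f"no Wi-Fi payload for SSID {ssid!r}")
    profile["PayloadScope"] = "System"
    return plistlib.dumps(profile)


def is_system_mode(profile_bytes, ssid):
    """True only if both edits from the post are present."""
    profile = plistlib.loads(profile_bytes)
    wifi_ok = any(
        p.get("PayloadType") == WIFI_TYPE and p.get("SSID_STR") == ssid
        and "System" in p.get("SetupModes", [])
        for p in profile.get("PayloadContent", [])
    )
    return wifi_ok and profile.get("PayloadScope") == "System"


if __name__ == "__main__":
    edited = set_system_mode(SAMPLE_PROFILE, "YOURNETWORKNAME")
    print(is_system_mode(SAMPLE_PROFILE, "YOURNETWORKNAME"),
          is_system_mode(edited, "YOURNETWORKNAME"))
```

Running `is_system_mode` over a profile before it is deployed catches the case where only one of the two keys was added.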