Sigh. Made a bunch of policy excludes to reduce extensions... off to
rebuild to see what’s causing grief. Not an immediate lock, and happens
a few minutes after boot even in safe mode. Will test more tonight.
We have a similar but different need - we do not bind Macs to AD, we
'bind' them to Jamf. So each Mac has a Jamf issued and signed
certificate that we can use to authenticate for EAP-TLS. Works fine for
an end user selecting the certificate in the wi...