It turns out Profile Manager actually can create a Login Window Profile, but for some reason the server must first be promoted to an Open Directory Master before you will see this option.

In the example above we are not using Open Directory at all. Therefor the promotion to an OD master wasn't an option for us.

Hi Tim,

If you start the profile manager service, it will start the OD service & make the server a master.

So you need both services if you're to use Profile Manager.

We are implementing 802.1x in out network but MAC system doesnt seem to work automatically.I have created the profiles using IPCU and made changes to mobile config to convert it into system profiles.Below is my profile configuration :-

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>PayloadContent</key> <array> <dict> <key>AutoJoin</key> <true/> <key>EAPClientConfiguration</key> <dict> <key>AcceptEAPTypes</key> <array> <integer>21</integer> <integer>25</integer> </array> <key>EAPFASTProvisionPAC</key> <false/> <key>EAPFASTProvisionPACAnonymously</key> <false/> <key>EAPFASTUsePAC</key> <false/> <key>PayloadCertificateAnchorUUID</key> <array> <string>1CBE9C47-E5A5-4BAF-B09C-BFC107C4ADBF</string> </array> <key>TTLSInnerAuthentication</key> <string>MSCHAPv2</string> </dict> <key>EncryptionType</key> <string>WPA</string> <key>HIDDEN_NETWORK</key> <false/> <key>PayloadDescription</key> <string>Configures wireless connectivity settings.</string> <key>PayloadDisplayName</key> <string>Wi-Fi (Dot1x)</string> <key>PayloadIdentifier</key> <string>com.qma.profile.wifi</string> <key>PayloadOrganization</key> <string>qatar musuem authority</string> <key>PayloadType</key> <string>com.apple.wifi.managed</string> <key>PayloadUUID</key> <string>1A6C83F9-7990-414C-BA75-5F16975AECA1</string> <key>PayloadVersion</key> <integer>1</integer> <key>ProxyType</key> <string>None</string> <key>SetupModes</key> <array> <string>System</string> </array>

<key>SSID_STR</key> <string>Dot1x</string> </dict> <dict> <key>PayloadCertificateFileName</key> <string>juniperuac-pri.qma.com.qa.crt</string> <key>PayloadContent</key> <data> LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNhRENDQWRF Q0NGS2Zyako2RVdMRU1BMEdDU3FHU0liM0RRRUJCUVVBTUhreEN6 QUpCZ05WQkFZVEFqOC8KTVFzd0NRWURWUVFJRXdJL1B6RUxNQWtH QTFVRUJ4TUNQejh4RERBS0JnTlZCQW9UQTFGTlFURUxNQWtHQTFV RQpDeE1DUHo4eElqQWdCZ05WQkFNVEdXcDFibWx3WlhKMVlXTXRj SEpwTG5GdFlTNWpiMjB1Y1dFeEVUQVBCZ2txCmhraUc5dzBCQ1FF V0FqOC9NQjRYRFRFME1EVXhNekV6TVRFMU5Wb1hEVEU1TVRFd016 RXpNVEUxTlZvd2VURUwKTUFrR0ExVUVCaE1DUHo4eEN6QUpCZ05W QkFnVEFqOC9NUXN3Q1FZRFZRUUhFd0kvUHpFTU1Bb0dBMVVFQ2hN RApVVTFCTVFzd0NRWURWUVFMRXdJL1B6RWlNQ0FHQTFVRUF4TVph blZ1YVhCbGNuVmhZeTF3Y21rdWNXMWhMbU52CmJTNXhZVEVSTUE4 R0NTcUdTSWIzRFFFSkFSWUNQejh3Z1o4d0RRWUpLb1pJaHZjTkFR RUJCUUFEZ1kwQU1JR0oKQW9HQkFNU3**9HSFRZTmZYVmtEYmlz NWFTODYvVVNJNHNtR1pueUlhL0ZYbHVqUFZ2cVJQOU9hT3ZOUGZa WApVQ0dYalZLcTZuM0FWZnlHYmVLTDA3eFlsbkJFR1BtM0F0MUps S2VLNlN5Q1lvMXRJTk4wT2ltc0dTNS9PTmx5Ck9mWk9sSUVkMk9w WGJ2NGdUeVlFVGNQYWxnekR2V2lrUzc0YkNtc1U1cnp6c2FPSEFn TUJBQUV3RFFZSktvWkkKaHZjTkFRRUZCUUFEZ1lFQW5JcHVCUlJs aE1Bek9jRG1KVmFPMlZPTi9nbnpmSG1wWXdiNk1VQ0dVT1o3QVpi SgpCRmFONTJpSmV5V2tnVzl4blNrNkZJRHZjUWJURkVvalV4azRv LzFjak9LeFFzNExUVWtleS9IZTg2VndLcTZTCmV2MnV4UE9yRVpH ajBZMzMwOENQM2dIRy9XM3FTQW9nN2VBUHluNnhMUnhFQUl2Y1FF K3BZSVV4NXRzPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== </data> <key>PayloadDescription</key> <string>Provides device authentication (certificate or identity).</string> <key>PayloadDisplayName</key> <string>juniperuac-pri.qma.com.qa</string> <key>PayloadIdentifier</key> <string>com.qma.profile.credential</string> <key>PayloadOrganization</key> <string>qatar musuem authority</string> <key>PayloadScope</key> <string>System</string>
<key>PayloadType</key> <string>com.apple.security.root</string> <key>PayloadUUID</key> <string>1CBE9C47-E5A5-4BAF-B09C-BFC107C4ADBF</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDescription</key> <string>Profile description.</string> <key>PayloadDisplayName</key> <string>QMA</string> <key>PayloadIdentifier</key> <string>com.qma.profile</string> <key>PayloadOrganization</key> <string>qatar musuem authority</string> <key>PayloadRemovalDisallowed</key> <false/> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>BB69600C-540F-4C90-B04E-582E622D06FC</string> <key>PayloadVersion</key> <integer>1</integer>
</dict>
</plist>

This is the configuration .I have read through the existing forums and have made the highlighted changes to user profile but still while logging in it show " NO NETWORK" and doesnt work as it used to work in 10.6.8 version.Please kindly help me out as soon as possible.

we are trying to login while the system is connected to ethernet.IPCU works for both wireless and wired right?thats what i have read.....it works completely fine in 10.6.6 where we can make the system profile in itself.or is there a way to export that profile to 10.8.5?please please help me out!!!!!!

@rhysforrester any insight on whats going wrong in my code??

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>PayloadContent</key> <array> <dict> <key>AuthenticationMethod</key> <string>directory</string> <key>AutoJoin</key> <true/> <key>EAPClientConfiguration</key> <dict> <key>AcceptEAPTypes</key> <array> <integer>21</integer> <integer>25</integer> </array> <key>OneTimeUserPassword</key> <false/> <key>SystemModeCredentialsSource</key> <string>ActiveDirectory</string> <key>EAPFASTProvisionPAC</key> <false/> <key>EAPFASTProvisionPACAnonymously</key> <false/> <key>EAPFASTUsePAC</key> <false/> <key>TTLSInnerAuthentication</key> <string>MSCHAPv2</string> <key>UserName</key> <string></string> <key>UserPassword</key> <string></string> </dict> <key>EncryptionType</key> <string>Any</string> <key>HIDDEN_NETWORK</key> <false/> <key>Interface</key> <string>FirstActiveEthernet</string> <key>PayloadDescription</key> <string>Configures wireless connectivity settings.</string> <key>PayloadDisplayName</key> <string>Wi-Fi (test)</string> <key>PayloadEnabled</key> <true/> <key>PayloadIdentifier</key> <string>com.test.profile.wifi</string> <key>PayloadOrganization</key> <string></string> <key>PayloadType</key> <string>com.apple.firstactiveethernet.managed</string> <key>PayloadUUID</key> <string>4707BCF9-6233-4E0A-BB3E-2EF46E702CA9</string> <key>PayloadVersion</key> <integer>1</integer> <key>ProxyType</key> <string>None</string> <key>SetupModes</key> <array> <string>System</string> </array>

</dict> </array> <key>PayloadDescription</key> <string>Wired 802.1x Profile</string> <key>PayloadDisplayName</key> <string>Wired 802.1x</string> <key>PayloadIdentifier</key> <string>com.test.profile</string> <key>PayloadOrganization</key> <string></string> <key>PayloadRemovalDisallowed</key> <false/> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>7A34EB66-B956-43FC-B3C7-8CF7B87FF9CA</string> <key>PayloadVersion</key> <integer>1</integer>
</dict>
</plist>

heres the latest code which I thought would work with machine authentication as this one I included system profile and the concerned interface too but it still doesn't authenticate while logging in.and no network during logging in.i don't understand whats wrong..Please help me out!!!its really important that I fix this !!!