802.1x LAN Profile

infrase2020
New Contributor III

Hi all

Apologies if this has been answered already but we are trying to push an 802.1x LAN profile down to our macOS devices.

We have managed to push the wireless equivalent down with a certificate etc.; however, when we try and create the LAN equivalent, the device doesn't pick the certificate defined in the profile.

Has anybody come across this issue before?

We've seen a similar issue in the past with Windows devices where you have to start the wired auto config service, but wasn't sure if something similar was required on Macs?

Thanks

 

 


sdagley
Esteemed Contributor II

@infrase2020 Are you applying your wired network Configuration Profile at the User or Computer level? While Jamf will allow you to deploy the configuration at the User level, Apple's MDM spec indicates that for wired profiles only Computer level is supported.

infrase2020
New Contributor III

We are targeting at computer level. 

Our profile contains the following: 

  • Certificate 
  • Network - First Active Ethernet
  • Identity Certificate - SCEP Device certificate
  • Trusted certificate - SCEP Root Certificate
  • Trusted server certificate names
  • SCEP payload
    • Use the external CA settings to enable Jamf Pro as a SCEP proxy

As I said in my original post, the exact same settings work for wireless profiles but not Ethernet. Have I missed something?

sdagley
Esteemed Contributor II

So much for that theory then... When you say the LAN connection isn't picking up the certificate, is that because you're seeing a prompt to select a certificate for the wired connection, or is the 802.1x auth failing because it's not getting a valid certificate?

infrase2020
New Contributor III

Sorted the issue in the end. Had to set First Active Ethernet and then re-add the server URLs in the trust section.

Thanks for your help @sdagley 

Tip: You will eventually run into problems on some machines where First Active Ethernet isn't eth0.

We had that as our original setting too and I had to eventually change it to 'Any Ethernet' to cover all scenarios. Now works fine on all our devices without issue.
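An added example, not posted by anyone in the thread and not Jamf tooling: a small linter for an exported, unsigned `.mobileconfig` that checks the three things the thread turned on for a wired 802.1X payload (interface set, identity certificate pointing at a SCEP/PKCS#12 payload in the same profile, trusted server names present). The function names, sample UUIDs and server name are made up for illustration.

```python
import plistlib

# Payload types that can supply the client identity for EAP-TLS.
IDENTITY_TYPES = {"com.apple.security.scep", "com.apple.security.pkcs12"}

def is_wired(payload):
    # Matches the wired 802.1X payload types, e.g.
    # com.apple.firstactiveethernet.managed and com.apple.globalethernet.managed.
    ptype = payload.get("PayloadType", "")
    return ptype.startswith("com.apple.") and ptype.endswith("ethernet.managed")

def lint_wired_8021x(profile_bytes):
    """Return a list of findings for the wired 802.1X payloads in a profile."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in IDENTITY_TYPES}
    wired = [p for p in payloads if is_wired(p)]
    findings = [] if wired else ["no wired 802.1X payload in profile"]
    for p in wired:
        name = p.get("PayloadDisplayName", p.get("PayloadUUID", "?"))
        if not p.get("Interface"):
            findings.append(f"{name}: Interface is not set")
        if p.get("PayloadCertificateUUID") not in identities:
            findings.append(f"{name}: identity certificate does not reference "
                            "a SCEP/PKCS#12 payload in this profile")
        if not p.get("EAPClientConfiguration", {}).get("TLSTrustedServerNames"):
            findings.append(f"{name}: no trusted server certificate names")
    return findings

def sample_profile(interface, server_names):
    """Constructed test profile; UUIDs and names are placeholders."""
    scep = {"PayloadType": "com.apple.security.scep",
            "PayloadUUID": "SCEP-UUID-EXAMPLE"}
    eth = {"PayloadType": "com.apple.firstactiveethernet.managed",
           "PayloadUUID": "ETH-UUID-EXAMPLE",
           "PayloadDisplayName": "Wired 802.1X",
           "PayloadCertificateUUID": "SCEP-UUID-EXAMPLE",
           "EAPClientConfiguration": {"AcceptEAPTypes": [13],  # 13 = EAP-TLS
                                      "TLSTrustedServerNames": server_names}}
    if interface:
        eth["Interface"] = interface
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [scep, eth]})

if __name__ == "__main__":
    for finding in lint_wired_8021x(sample_profile(None, [])):
        print(finding)
```

A signed profile is a CMS envelope rather than a bare plist, so it has to be unwrapped before `plistlib` can read it.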