Wednesday 11 July 2012

OS X 10.7 and 10.8 and 802.1X wifi configuration

So, new operating system, new things to do. Just read the Help Center bit on "Connect to a network that requires 802.1X authentication". The interesting bit was:

In most cases your network administrator provides a configuration profile that contains the information and settings you need to authenticate with the network.

To get on the 802.1X you now need to do a lot of stuff. Looks like it needs a .mobileconfig file.

Just read this Apple Discussion on it, which gives you a nice guide on how to do it.

After much time we finally got around to having a network administrator on the case.

So, we were looking for a way to connect to the wifi without using usernames and passwords. The answer was EAP-TLS. We followed the link above and created a certificate for the computer. Only trouble was we had problems enabling TLS on the wifi. Network administrator looking into this I think.


We resorted to PEAP I think. We made a .mobileconfig file using the iPhone Configuration Utility, got hold of the wifi certificate, put that in the credentials payload of the .mobileconfig file, and loaded it up on the machine in question. It added the certificate to the user's keychain (not system!) and put the old 802.1X stuff in the network settings! When we turned the wifi on it tried to connect to the wifi (with the username and password we set in the .mobileconfig file) but it came up with an error: could not verify the server. Looks like the configuration file was at fault. Seems that the certificate server is automatically dishing out expired certificates. Network administrator is trying to fix.

A handy page to manually create a .mobileconfig file with more settings than the iPhone Configuration Utility can create was here. You can specify the certificate to be added to the system keychain, and also that the wifi loads at login window!
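
An added example, not from the original post or from Apple: a small Python check that reads a .mobileconfig and flags the settings discussed above (server certificate trust, a password stored in the profile, login window setup). The key names are the ones I understand Apple's Wi-Fi payload to use; the profiles, UUIDs, SSIDs and server name are constructed placeholders.

```python
import plistlib

WIFI = "com.apple.wifi.managed"

def audit_wifi_profile(data: bytes) -> list:
    """Return findings for every Wi-Fi payload in a .mobileconfig (XML or binary plist)."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    uuids = {p["PayloadUUID"] for p in payloads if "PayloadUUID" in p}
    findings = []
    for p in payloads:
        if p.get("PayloadType") != WIFI:
            continue
        ssid = p.get("SSID_STR", "?")
        eap = p.get("EAPClientConfiguration")
        if eap is None:
            findings.append(f"{ssid}: no EAPClientConfiguration, not an 802.1X network")
            continue
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        # Without anchors or names the client has nothing to check the server certificate against.
        if not anchors and not eap.get("TLSTrustedServerNames"):
            findings.append(f"{ssid}: no trust anchor or trusted server name")
        for a in anchors:
            if a not in uuids:
                findings.append(f"{ssid}: anchor {a} has no certificate payload in this profile")
        # EAP type 13 is EAP-TLS and needs a client identity payload; 25 is PEAP.
        if 13 in eap.get("AcceptEAPTypes", []) and p.get("PayloadCertificateUUID") not in uuids:
            findings.append(f"{ssid}: EAP-TLS without an identity certificate payload")
        if "UserPassword" in eap:
            findings.append(f"{ssid}: password embedded in the profile")
        if "Loginwindow" not in p.get("SetupModes", []):
            findings.append(f"{ssid}: not set up for the login window")
    return findings

def build(*payloads) -> bytes:
    """Serialize constructed payload dicts as a profile plist."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": list(payloads)})

# Constructed samples: every UUID, SSID and name below is a placeholder.
PEAP_PROFILE = build({"PayloadType": WIFI, "PayloadUUID": "W1", "SSID_STR": "example-peap",
    "EAPClientConfiguration": {"AcceptEAPTypes": [25], "UserName": "user", "UserPassword": "placeholder"}})
TLS_PROFILE = build(
    {"PayloadType": "com.apple.security.root", "PayloadUUID": "CA1", "PayloadContent": b"constructed"},
    {"PayloadType": "com.apple.security.pkcs12", "PayloadUUID": "ID1", "PayloadContent": b"constructed"},
    {"PayloadType": WIFI, "PayloadUUID": "W2", "SSID_STR": "example-tls",
     "SetupModes": ["System", "Loginwindow"], "PayloadCertificateUUID": "ID1",
     "EAPClientConfiguration": {"AcceptEAPTypes": [13], "PayloadCertificateAnchorUUID": ["CA1"],
                                "TLSTrustedServerNames": ["radius.example.org"]}})

if __name__ == "__main__":
    for name, prof in (("PEAP", PEAP_PROFILE), ("EAP-TLS", TLS_PROFILE)):
        print(name, audit_wifi_profile(prof) or "no findings")
```

The check only looks at profile structure; it does not parse the embedded certificates, so an expired certificate would not be caught here.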


------

So far so good. Our network team has now made a new wifi SSID with EAP-TLS. Using this tutorial we made the machine have a signed certificate from the certificate server, and add the profile for the wifi. We used this certificate (with the username - host/DNSnameofMachineHere) to successfully get onto the wifi, but did it manually.

Next time we'll need to set this file up with the wifi details properly (we didn't add system login window stuff here).


-----

We're now giving up on the old 'manually edit the .mobileconfig file' and going for the 'Mavericks Server' option.

Here's the help page on it

So, we've set up a Mavericks server (just a computer with Mavericks installed and the "Server" app installed).

I've enabled "Profile Manager" and set it up so in a browser you can go to:
http://YourMavericksServer.ac.uk/profilemanager

Go to Groups, General.
From the list of payloads, go to AD Certificate.

Found this article on how to configure the page.

Not quite working yet. Getting an error when installing the profile.

Need to add devices, but I think it looks like you have to add users which are in charge of devices? Not sure.
