Security

Reply
Occasional Contributor II

Mac OS X Sierra 802.1x profile

Community,

 

We are running EAP-TLS using Microsoft NPS on the back end. The Windows machines are working fine, I was able to deploy a GP to the machines that allowed for user cert auto enroll and theyre able to connect using EAP-TLS. The issue Im having is with the Macbooks! OS X Sierra has no ability to manually define the 802.1x settings, and I cant even add a profile manually in the 802.1x tab it just says "Use a configuration profile to add an 802.1x profile to your system. Contact your system administrator for more information." I have been scouring Google looking for how to build these 802.1x profile but have come up with nothing. Does anyone have any experience building and deploying 802.1x profiles for Mac? Do I need a special software to do it? Any help you can provide would be greatly appreciated. Thanks.

Guru Elite

Re: Mac OS X Sierra 802.1x profile

https://discussions.apple.com/thread/3198156?tstart=0

 

iphone configuration utility, is what you would need.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite

Re: Mac OS X Sierra 802.1x profile

ICU is no longer supported by Apple.

 

What EMM solution are you using to manage your macOS devices? 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Mac OS X Sierra 802.1x profile

Tim,

 

To my knowledge we have no EMM solution. I know we use Centrify to handle the AD integration for the Macs but thats about it. Im not a Mac user so I know very little about them. 

Occasional Contributor II

Re: Mac OS X Sierra 802.1x profile

Tim,

 

To your knowledge, Is there any way to get the Macs with OS X Sierra to connect to the wireless via EAP-TLS using user certs? Apple seems to have completely taken away the ability to modify the 802.1x profiles from the machine itself. 

 

Thanks.

Guru Elite

Re: Mac OS X Sierra 802.1x profile

Are these personal or corporate managed devices?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Mac OS X Sierra 802.1x profile

Tim,

 

These are corporate devices integrated into our Active Directory via Centrify. The windows machines request and register a personal user certificate automatically. The user cert is used to provide identity to the NPS during the EAP-TLS exchange. However, the Apple devices have no options in the 802.1x section that allow me to specify the EAP type or anything else. Its completely blank, even if the user is an admin on the machine. I know a long time ago the Mac allowed you to change these settings from the computer itself but it seems that Sierra has taken all of that away. Any insights?

 

Thanks.

Guru Elite

Re: Mac OS X Sierra 802.1x profile

You'd need to configure Centrify to push a certificate enrollment and supplicant configuration profile to the devices.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: