Security

Reply
Frequent Contributor I
Posts: 62
Registered: ‎12-02-2014

Mac OSX - Wired 802.1x EAP-TLS Machine Certificate Authentication

Is there a way to have a Wired Mac OSX (Yosemite) machine to utilize 802.1x EAP-TLS authentication and have it authenticate to the network on bootup with no user intervention?  We have successfully been able to get a machine certificate pushed to the Mac (via Casper JAMF), but it requires the user to choose the certificate on Login.  My goal is have the Mac authenticated to the network port prior to the user attempting to login, so that first time users are able to login via Active Directory BIND.  Without the port being successfully 802.1x authenticated, it prevents a first time user form logging into the Mac that is bound to AD.

 

My goal is to make it as seemless as a Machine Authenticate of a windows PC to AD.

 

Can anyone point me to technotes or write ups on how to do this?

 

Thanks ahead of time.

Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: Mac OSX - Wired 802.1x EAP-TLS Machine Certificate Authentication

I've only been able to get AD login to work using single-sign on with a login window profile.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 62
Registered: ‎12-02-2014

Re: Mac OSX - Wired 802.1x EAP-TLS Machine Certificate Authentication

Thanks for the reply Tim. 

 

Is it possible to have a Mac use EAP-TLS to authenticate to the wired network without user intervention?

Search Airheads
Showing results for 
Search instead for 
Did you mean: