Security

Team-

 

We have an enterprise with Win7 and we use CPPM  6.5.0 for user and machine auth in regards to wireless access.

 

We are deploying Macbook Pro with Yosemite. We follow the directions Apple provides in order to bind to AD and can connect  wired.

 

We have created the mobile config account with all the necessary certificates.  

 

We try to connect to wireless and CPPM sees the machine name as a user name.  We received a rejection in CPPM.

 

Before going on any further in this post I am curious to see if anyone has performed a Macbook deployment using CPPM for user auth and machine auth?  If so how does the macbook need to be configured?

 

This will not be a BYOD solution but a NAC solution similar to our WIN 7 enterprise notebook computers.

 

Thanks

 

Yes, you need to have a system level profile and a user profile.

 

What error did you receive in ClearPass? Can you post a screenshot?

We are all novices when it comes to the Apple OS.    Before I post a screen shot I will tell you our errors are very inconsistent as is the behaviors of the Apple Macbook.  Can you point me i the direction of some knowledge regarding System level profiles and user profiles on a Macbook?  We thought the mobile config profile would handle most of the heavy lifting here.

Which MDM are you using to manage the devices and push down profiles?

 

You have to apply policy at both the user and machine level with different profiles with different configurations.

There is no plan for an MDM. 

We are exploring profiles in detail.  Do you have an example of these profiles?

You will need some type of management tool to do user and machine auth on Macs. OS X needs a profile server to grab user profiles which can then apply network configuration and assign the user certificate.

Otherwise you will have to have all of your users manually installing profiles. It will be a major headache. It's nearly impossible to use Macs in an enterprise environment without some type of management platform.


Thanks,
Tim