Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Mac OS X Sierra 802.1x profile

This thread has been viewed 1 times

  • 1.  Mac OS X Sierra 802.1x profile

    Posted Sep 08, 2017 10:57 AM

    Community,

     

    We are running EAP-TLS using Microsoft NPS on the back end. The Windows machines are working fine, I was able to deploy a GP to the machines that allowed for user cert auto enroll and theyre able to connect using EAP-TLS. The issue Im having is with the Macbooks! OS X Sierra has no ability to manually define the 802.1x settings, and I cant even add a profile manually in the 802.1x tab it just says "Use a configuration profile to add an 802.1x profile to your system. Contact your system administrator for more information." I have been scouring Google looking for how to build these 802.1x profile but have come up with nothing. Does anyone have any experience building and deploying 802.1x profiles for Mac? Do I need a special software to do it? Any help you can provide would be greatly appreciated. Thanks.



  • 2.  RE: Mac OS X Sierra 802.1x profile

    EMPLOYEE
    Posted Sep 08, 2017 11:00 AM

    https://discussions.apple.com/thread/3198156?tstart=0

     

    iphone configuration utility, is what you would need.



  • 3.  RE: Mac OS X Sierra 802.1x profile

    EMPLOYEE
    Posted Sep 08, 2017 11:08 AM

    ICU is no longer supported by Apple.

     

    What EMM solution are you using to manage your macOS devices? 



  • 4.  RE: Mac OS X Sierra 802.1x profile

    Posted Sep 08, 2017 01:07 PM

    Tim,

     

    To my knowledge we have no EMM solution. I know we use Centrify to handle the AD integration for the Macs but thats about it. Im not a Mac user so I know very little about them. 



  • 5.  RE: Mac OS X Sierra 802.1x profile

    Posted Sep 13, 2017 12:20 PM

    Tim,

     

    To your knowledge, Is there any way to get the Macs with OS X Sierra to connect to the wireless via EAP-TLS using user certs? Apple seems to have completely taken away the ability to modify the 802.1x profiles from the machine itself. 

     

    Thanks.



  • 6.  RE: Mac OS X Sierra 802.1x profile

    EMPLOYEE
    Posted Sep 14, 2017 12:34 PM

    Are these personal or corporate managed devices?



  • 7.  RE: Mac OS X Sierra 802.1x profile

    Posted Sep 15, 2017 09:41 AM

    Tim,

     

    These are corporate devices integrated into our Active Directory via Centrify. The windows machines request and register a personal user certificate automatically. The user cert is used to provide identity to the NPS during the EAP-TLS exchange. However, the Apple devices have no options in the 802.1x section that allow me to specify the EAP type or anything else. Its completely blank, even if the user is an admin on the machine. I know a long time ago the Mac allowed you to change these settings from the computer itself but it seems that Sierra has taken all of that away. Any insights?

     

    Thanks.



  • 8.  RE: Mac OS X Sierra 802.1x profile

    EMPLOYEE
    Posted Sep 15, 2017 09:44 AM

    You'd need to configure Centrify to push a certificate enrollment and supplicant configuration profile to the devices.