Mac OSX Wired 802.1X PEAP Authentication
03-25-2018 09:17 PM
We are implementing wired 802.1x with EAP-PEAP, and everything works great with our Windows clients, but we are seeing some weird behavior with our Mac OSX clients. The two options we have tried:
Manual User Auth:
When a Mac connects to the network, they are automatically prompted for user credentials. This works, but when the user locks their computer, the Mac logs the user out of their 802.1x session within a couple minutes. This messes with any apps they have running in the background, like Outlook or Slack.
Has anyone found a way to prevent the user logout from happening (they have not logged out of the computer, just locked the screen)?
Push 802.1x Profile:
We can also push an 802.1x profile to the Mac that uses our AD integration to pass the user credentials to 802.1x when the user logs into the computer. This works great, except when someone physically disconnects from the network and then plugs back in again. The user credentials do not seem to be cached, so 802.1x auth does not happen when they plug back in until the user logs out of the computer and then logs back in.
Does anyone have any insight with OSX and getting EAP-PEAP to work reliably on wired 802.1X?
Note: We are testing with Sierra and High Sierra.