Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Mac OSX - Wired 802.1x EAP-TLS Machine Certificate Authentication

This thread has been viewed 6 times

  • 1.  Mac OSX - Wired 802.1x EAP-TLS Machine Certificate Authentication

    Posted Mar 31, 2015 05:56 PM

    Is there a way to have a Wired Mac OSX (Yosemite) machine to utilize 802.1x EAP-TLS authentication and have it authenticate to the network on bootup with no user intervention?  We have successfully been able to get a machine certificate pushed to the Mac (via Casper JAMF), but it requires the user to choose the certificate on Login.  My goal is have the Mac authenticated to the network port prior to the user attempting to login, so that first time users are able to login via Active Directory BIND.  Without the port being successfully 802.1x authenticated, it prevents a first time user form logging into the Mac that is bound to AD.

     

    My goal is to make it as seemless as a Machine Authenticate of a windows PC to AD.

     

    Can anyone point me to technotes or write ups on how to do this?

     

    Thanks ahead of time.



  • 2.  RE: Mac OSX - Wired 802.1x EAP-TLS Machine Certificate Authentication

    EMPLOYEE
    Posted Mar 31, 2015 05:59 PM
    I've only been able to get AD login to work using single-sign on with a login window profile.


    Thanks,
    Tim


  • 3.  RE: Mac OSX - Wired 802.1x EAP-TLS Machine Certificate Authentication

    Posted Mar 31, 2015 07:55 PM

    Thanks for the reply Tim. 

     

    Is it possible to have a Mac use EAP-TLS to authenticate to the wired network without user intervention?