Skip navigation
This discussion is archived

Mac OS X  and wireless EAP-TLS machine authentication

7598 Views 4 Replies Latest reply: Oct 23, 2009 6:53 AM by W. S. Wellington RSS
skuchma Calculating status...
Currently Being Moderated
Sep 3, 2009 9:56 AM
Hello
Our wireless network use WPA2 Enterprise (802.1x EAP-TLS with machine only authentication). Certificates enrolled from Microsoft CA (with computer template). I have problem with authentication, because MacOS doesn't have setting to choose machine authentication (on RADIUS server side (Cisco ACS) auth request from Mac appears as user request not machine (without host/ prefix). Does anyone fix this issue?

Regards,
Stas
MacBook Pro, Mac OS X (10.6)
  • Graham Perrin Level 2 Level 2 (240 points)
    I'm not sure if this is what you're seeking, but the Configure Trust… button presents the Servers tab (alongside the Certificates tab).

    The tabs are visible in screen shot 8 at <http://www.wuala.com/grahamperrin/public/2009/09/10/>
    Intel and PowerPC desktops and laptops, G4 PowerPC Xserves, Xserve RAIDs, Mac OS X (10.6), Mac OS X 10.5.8 and 10.6, Mac OS X Server 10.5.8
  • rnbarrett Level 1 Level 1 (0 points)
    Two things:

    - Make sure that the machine certificate is in the System keychain
    - For the network card, on the 802.1X tab, you must create a System Profile (not a User profile). Select EAP-TLS and choose the machine certificate. You will probably need to augment the default "User Name" on this screen by adding"host/" (without quotes) as a prefix. This makes it so that most RADIUS servers receive the preferred user id of "host/machine.domain.com" (without quotes) and will understand that this a machine authentication. Your mileage may vary - you may want to try it with, and without, the host/ prefix.
    iMac 24" Early 2008, Mac OS X (10.5.8), and Vista SP2 with my iPhone OS 3.0.1
  • Joe Swenson Level 3 Level 3 (735 points)
    problem is that OS X doesn't spit out the machine account password like it should be.
    Apple doesn't seem to understand machine auth
  • W. S. Wellington Level 3 Level 3 (500 points)
    I agree, None of my OS X 10.6.1 machines will produce a machine password. Apple does not see to understand how Machine Auth works.
    PowerMac G5 DualCore 2.3 4.5GB, Mac OS X (10.4.6)

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.