Currently Being ModeratedJul 20, 2011 3:29 PM (in response to natevancouver)
There is no way to do it without Lion server. Remember Lion server is now free. You can also do a reinstall on any Lion client (choose customize) to install server. Then just download the server app from the App store and you can configure profile manager.
Currently Being ModeratedJul 20, 2011 3:35 PM (in response to natevancouver)
You need Lion Server on a system to create the profiles.
Lion Server is $50 and available from the App Store. You'll probably want at least one machine with it to generate the profiles.
Another option might be to script 'networksetup' to create the profiles from the command line. This is not a trivial exercise, but would likely work if you were a command-line expert and had a bunch of knowledge about all networksetup's options and your 802.1X environment.
Currently Being ModeratedJul 20, 2011 3:40 PM (in response to William Lloyd)
I stand corrected. I just checked and server is indeed 50 bucks. Darn you developer preview =).
Yes, networksetup is another option it can be a little overwhelming. I would just spend the 50 dollars and use profile manager.
Currently Being ModeratedJul 21, 2011 3:48 AM (in response to DrVenture)
Hi, I'm in a similar situation here: we operate 802.1x on both our wired and wireless network and, while our iPhone mobileconfig file is working on laptops at the moment, we can't get dekstop machines to auhenticate properly on the wired network.
While we have a large Mac userbase on campus we operate a Microsoft Active Directory and have no intention of setting up a Lion server and Open Directory infrastructure just to get clients on the network. I need a way to create these Profiles without Lion Server. This is a serious problem.
Currently Being ModeratedJul 21, 2011 9:44 AM (in response to Gary_Parker)
If you are not going to use System or Login window mode, then you can use IPCU to create the 802.1X profiles that will allow a Lion client to connect to either a wireless or wired 802.1X network. If you need System or Login window mode, then yes, you will need to set up a Lion server or use the networksetup utility.
From my testing I have found the following to be true:
1. A profile created with IPCU can be used for either the wireless or wired interface on a Lion client. If you want to create a wired profile, just enter bogus info for the SSID, the wired interface will ignore it. If you decided to check out Lion server, you can specify wired or wireless interfaces, so you do not have to enter a bogus SSID if you want a "wired" only profile.
Another thing is again with Profile Manager (Lion Server), WiFi 802.1X profiles can be used with wired interfaces, however, wired 802.1X profiles CANNOT be used with WiFi because it lacks an SSID.
2. Lion client now supports an "802.1X automatic" mode with wired. Meaning, if you plug a Lion client into a switch that supports 802.1X authentication, the Lion client with start the EAPOL supplicant when it sees an EAP ID request. If, the EAP type can be auto neg by the Lion client, it will prompt the user to enter user credentials, or a cert (in the case of TLS). So a profile is not needed in this case.
If this auto connection mode is not desired, you can turn it off by going to System Prefs - Network - choose the Eth interface - advanced - 802.1X tab. You will see a check box to enable automatic connection.
Hope this helps
Currently Being ModeratedAug 18, 2011 10:11 AM (in response to natevancouver)
Create a User level profile using either IPCU or the Profile Manager in Lion Server.
Once created, edit the file and add the following:
This should make your profile device level as opposed to user level.
Currently Being ModeratedAug 18, 2011 10:10 AM (in response to cbrew325)
thanks. I will try it.
So I assume, there is no other way to do it. It's a bad thing actually, if the profile file encrypted is.
Thanks again. And these should be the answer to these discussion, not some reply with lion server being free...
Currently Being ModeratedAug 19, 2011 2:52 PM (in response to natevancouver)
This is what worked for me:
To get a system to work with an IPCU mobileconfig, create a working “user” profile and add the following items:
Starting the line immediately below the SSID_STR key’s ‘<string>’ value, add this:
Change "System" to "Loginwindow" to create a Login Profile
Insert these lines immediately above the bottom-most PayloadType key line:
I was able to get both a System profile and a Login Profile working. No Lion servers involved for me just the iPhone Configuration Utility.