-
All replies
-
Helpful answers
-
Jul 24, 2013 11:31 AM in response to virtually warpedby dalehoughton,I'm also having this issue. We're trying to manage our Macs using SCCM 2012 SP1, but can't get the Macs to work properly with the Certificate request page. Did you ever find a fix for this?
-
Jul 24, 2013 12:54 PM in response to dalehoughtonby William Lloyd,Apple has a page with some white papers which may be helpful here:
In particular, the best practices for integrating with AD (which references the Kbase you linked to):
http://training.apple.com/pdf/wp_integrating_active_directory_ml.pdf
And the 802.1X authentication white paper:
http://training.apple.com/pdf/WP_8021X_Authentication.pdf
Which includes sample profiles for integrating 802.1X with an AD CA.
-
Aug 20, 2013 12:12 PM in response to virtually warpedby biggenie,Here is what I found helpful:
802.1x EAP-TLS Machine Authentication in Mt. Lion with AD Certificates
http://www.afp548.com/2012/11/20/802-1x-eaptls-machine-auth-mtlion-adcerts/
How to request a certificate from a Microsoft Certificate Authority using DCE/RPC and the Active Directory Certificate profile payload:
http://support.apple.com/kb/HT5357
I tripped up here becase my CA was named differently than the computer name. If you open a command prompt on the windows CA and type the command certutil –cainfo you should see several peices of information that will make filling out The name of the CA straight forward. You should use the Sanitized CA short name (DS name) for The name of the CA:
and certutil –cainfo will clearly show you that value.
One other thing to pay close attension to is you should use the Template name and not the Template display name for the Certificate Template field. These can be different (see below).
Good luck!
-
Aug 20, 2013 12:22 PM in response to virtually warpedby biggenie,Also, when the MAC is trying to join an enterprise wireless 802.1x network the only way you can get wireless configured is to use a profile that is either pushed from a Mac Server using Profile Manager, or a profile that is built and mailed to you by an administrator.