68 Replies Latest reply: Aug 30, 2013 6:15 AM by Peter-Erik
  • 60. Re: How can I create an 802.11x system profile?
    WHS ict Level 1 (0 points)

    I'm not finding the option to create a system mode login, only a login window one. Where is that in Lion Server?

  • 61. Re: How can I create an 802.11x system profile?
    °Bernz° Level 1 (10 points)

    Hi WHS,

     

    It's a bit confusing in the Profile Manager interface, but the way I solved it is that in the Network payload, I check the box Use as a Login Window configuration.

     


     

    Basically, this means that the configuration will be used at the login window, e.g. when no one is connected, so this is basically a "system" configuration.

     

    (P.-S. it goes without saying that you need OS X Server with Profile Manager to do this...)

  • 62. Re: How can I create an 802.11x system profile?
    WHS ict Level 1 (0 points)

    Hmm. My understanding was that a system profile and a login window profile were two entirely different things.

  • 63. Re: How can I create an 802.11x system profile?
    °Bernz° Level 1 (10 points)

    Well, more or less... I believe that in a previous version of OS X, they did make the distinction. And maybe for other configuration aspects, it does make a difference. But for 802.1X, the difference doesn't seem to be there.

     

    If you look at the Profile Manager documentation (http://help.apple.com/profilemanager/mac/2.2/#apdF985515F-9344-46EE-BAC5-D60ABBF1C1D1), they are pretty clear that both are pretty much the same:

     

    When you’re creating a profile for a user, the settings are for 802.1X user mode. When you’re creating a profile for a device, the settings are for system mode or login window mode.

     

    As you can read from this extract of Apple's documentation, for the device, system and login mode seem to be pretty much the same... at least in this situation.

  • 64. Re: How can I create an 802.11x system profile?
    Tunc Level 1 (20 points)

    They are completely different things.

    To achieve the system mode, just add or edit the following code block in the profile (by editing it either with Xcode or vim):

    <key>PayloadScope</key>
    <string>System</string>

  • 65. Re: How can I create an 802.11x system profile?
    WHS ict Level 1 (0 points)

    Yeah, they are behaving oddly. I'm wanting there to be a login window profile, to allow my network users to validate with the server on my RADIUS secured wireless, but then they should disconnect from that wireless and join the guest network. I thought a login profile did that. Instead I'm seeing the laptop connected to the RADIUS network before login (so I can ssh into the device), then the laptop remains connected to the login window profile network after login, which makes it more of a system profile.

     

    Anyone know how I can achieve what I'm after with Lion?

     


  • 66. Re: How can I create an 802.11x system profile?
    °Bernz° Level 1 (10 points)

    Hi WHS,

     

    Just like you, I needed to have a profile connected to my WPA2 Enterprise WiFi network at the login window. I created a .mobileconfig file with OS X Server with the option Use as a Login Window configuration checked, and it works as expected.

     

    I created a dummy account for the login window, with no rights whatsoever on the network, but with the ability to log in using RADIUS. Then, once the user logs in, the user's credentials are used to authenticate through RADIUS.

     

    Don't know if that's what you need, but it worked for me under 10.8.

     

    Regards.

  • 67. Re: How can I create an 802.11x system profile?
    WHS ict Level 1 (0 points)

    Almost. I'm also using a machine account to allow the network user to be authenticated over a RADIUS secured network.

     

    I then want that RADIUS secured network to close, and a WPA network to be used instead (the user profile network). This allows me to limit access to the device to registered users only, and limit access to the internal network to authorised users only.

     

    I had thought a system profile works for login and user, a login profile for the login step only and a user profile for the user step only. It appears that I am wrong.

     

    Is there any way to do what I want, or do I need to expose my LDAP server to the WPA (guest) network in order to get network users authenticated?

  • 68. Re: How can I create an 802.11x system profile?
    Peter-Erik Level 1 (10 points)

    Trying to make an 802.1x for a 10.7.5 system. After the user login it works, but I want a system account. Any idea what's wrong with my XML file, or what I am missing?

     

    Thanks

     

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>AutoJoin</key>
                <false/>
                <key>EAPClientConfiguration</key>
                <dict>
                    <key>AcceptEAPTypes</key>
                    <array>
                        <integer>13</integer>
                    </array>
                    <key>EAPFASTProvisionPAC</key>
                    <false/>
                    <key>EAPFASTProvisionPACAnonymously</key>
                    <false/>
                    <key>EAPFASTUsePAC</key>
                    <false/>
                    <key>PayloadCertificateAnchorUUID</key>
                    <array>
                        <string>6F390D6B-80AB-4E3A-9222-BDA0FFF20F2A</string>
                    </array>
                    <key>TLSTrustedServerNames</key>
                    <array/>
                    <key>TTLSInnerAuthentication</key>
                    <string>MSCHAPv2</string>
                    <key>UserName</key>
                    <string></string>
                    <key>UserPassword</key>
                    <string></string>
                </dict>
                <key>EncryptionType</key>
                <string>WPA</string>
                <key>HIDDEN_NETWORK</key>
                <true/>
                <key>PayloadDescription</key>
                <string>Configures wireless connectivity settings.</string>
                <key>PayloadDisplayName</key>
                <string>Wi-Fi (-)</string>
                <key>PayloadIdentifier</key>
                <string>local.test.profile.wifi1</string>
                <key>PayloadOrganization</key>
                <string></string>
                <key>PayloadType</key>
                <string>com.apple.wifi.managed</string>
                <key>PayloadUUID</key>
                <string>D732275D-9269-4C18-BC01-EED50FBCE0FA</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>ProxyType</key>
                <string>None</string>
                <key>SSID_STR</key>
                <string>-</string>
                <key>SetupModes</key>
                <array>
                    <string>System</string>
                    <string>Loginwindow</string>
                </array>
            </dict>
            <dict>
                <key>PayloadCertificateFileName</key>
                <string>CA1</string>
                <key>PayloadContent</key>
                <data>

                                  MIIDbjCCAlagAwIBAgIQJiGU9rU4sKZJ5X7tpWQKGjANBgkqhkiG

                                  9w0BAQUFADA/MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxGDAWBgoJ

                                  kiaJk/IsZAEZFghjYnMtbmlvYjEMMAoGA1UEAxMDQ0ExMB4XDTEz

                                  MDgwMTA5MzQwNFoXDTIzMDgwMTA5NDQwMlowPzEVMBMGCgmSJomT

                                  8ixkARkWBWxvY2FsMRgwFgYKCZImiZPyLGQBGRYIY2JzLW5pb2Ix

                                  DDAKBgNVBAMTA0NBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC

                                  AQoCggEBAJSTewHD3wvtOjTjY/NdAM1gIiWZESwCgB1EsTs8cXNQ

                                  VS33Fv+Wl3cEoZYS99ocETGwz9c02neQobV2bPhqe+IkU/jc9CW4

                                  OgfW9pdrAMlDCrDJ7shsenTKKmdfutPZ5VQfQgBTF/6acz4Cq2l0

                                  euIoSulMeQ/bBFxBn/MWmZ1m/Jinxi1iVbTHnuTvxEZI6Jj6E/OO

                                  sPUBgsvCencnqz+nSRzFlDNtosleVuFXFolBukzgnLpxkQI+a3Ab

                                  cMUW5HR4STqQAnyALv+q88d08eWQDzX3hf2ejgIw39g8YbCIZQpn

                                  SpVqNu/j5RH5kPqIMlT3rSaV9V/xixRQglMDGeECAwEAAaNmMGQw

                                  EwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud

                                  EwEB/wQFMAMBAf8wHQYDVR0OBBYEFAoH7bBxS9OkqWlNBttqQynr

                                  ROcjMBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IB

                                  AQAgNY5njNUD8awe2si8QiDVQcdOp3/jT++ghBv+GkLpwsf6sb72

                                  qUKoWE3+DA6ZT7VYg6ZV6z7uIMA8eYAoz2tQLBLkzKXlJA5HaXML

                                  +loGad7ksA7si7rqZhxdcVRDnaRwZxUwB1ddWr2jsZgewId7doId

                                  5GjxeC1PZOCKCVpKXtLwFLXZNQjj+BVOiccXLCY/6BPFXtySNMac

                                  DEFMAVk9vmqTsISZJbpq4AMtrmWfBcq+cNKLq6kDbOPUUJK9TFpu

                                  PAD6BTWjKAcvkBJuDuqBS84lyp82b4QdRYdPP4AtT1jtYrpg0547

                                  OSBXxfh7b5Ou0QB3oq3Hlc/x69HpGrU1

                </data>
                <key>PayloadDescription</key>
                <string>Provides device authentication (certificate or identity).</string>
                <key>PayloadDisplayName</key>
                <string>CA1</string>
                <key>PayloadIdentifier</key>
                <string>local.test.profile.credential2</string>
                <key>PayloadOrganization</key>
                <string></string>
                <key>PayloadType</key>
                <string>com.apple.security.root</string>
                <key>PayloadUUID</key>
                <string>6F390D6B-80AB-4E3A-9222-BDA0FFF20F2A</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
            </dict>
        </array>
        <key>PayloadDescription</key>
        <string>Profile description.</string>
        <key>PayloadDisplayName</key>
        <string>Lion 802.1x</string>
        <key>PayloadIdentifier</key>
        <string>local.test.profile</string>
        <key>PayloadOrganization</key>
        <string></string>
        <key>PayloadRemovalDisallowed</key>
        <false/>
        <key>PayloadScope</key>
        <string>System</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadUUID</key>
        <string>D16F5411-533E-4038-8CE7-7CAADE871026</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
    </dict>
    </plist>
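
Added example (not part of the original thread and not Apple's tooling): a Python audit of an unsigned .mobileconfig that checks the keys discussed in this thread (PayloadScope, SetupModes, and the EAPClientConfiguration settings) for internal consistency. The sample profile and its placeholder UUIDs are constructed, and the rule that EAP-TLS needs a PayloadCertificateUUID identity reference is a heuristic assumption of this example.

```python
import plistlib

def audit_profile(raw):
    """Return a list of findings for the 802.1X settings of an unsigned profile."""
    profile = plistlib.loads(raw)
    payloads = profile.get("PayloadContent", [])
    uuids = {p.get("PayloadUUID") for p in payloads}
    findings = []
    if profile.get("PayloadScope") != "System":
        findings.append("PayloadScope is not System")
    for p in payloads:
        if p.get("PayloadType") != "com.apple.wifi.managed":
            continue
        if "System" not in p.get("SetupModes", []):
            findings.append("SetupModes lacks System")
        eap = p.get("EAPClientConfiguration", {})
        types = eap.get("AcceptEAPTypes", [])
        # Every trust anchor must point at a certificate payload in this profile.
        for anchor in eap.get("PayloadCertificateAnchorUUID", []):
            if anchor not in uuids:
                findings.append(f"anchor {anchor} not found in profile")
        # Without server names, trust rests on the anchor certificate alone.
        if not eap.get("TLSTrustedServerNames"):
            findings.append("TLSTrustedServerNames is empty")
        # EAP type 13 is EAP-TLS, which authenticates the client by certificate.
        if 13 in types and "PayloadCertificateUUID" not in p:
            findings.append("EAP-TLS accepted but no PayloadCertificateUUID identity")
        # The inner method only applies when EAP-TTLS (type 21) is accepted.
        if "TTLSInnerAuthentication" in eap and 21 not in types:
            findings.append("TTLSInnerAuthentication set but TTLS (21) not accepted")
    return findings

# Constructed sample mirroring the key layout of the profile posted above.
SAMPLE = plistlib.dumps({
    "PayloadScope": "System",
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed",
         "PayloadUUID": "WIFI-UUID-PLACEHOLDER",
         "SetupModes": ["System", "Loginwindow"],
         "EAPClientConfiguration": {
             "AcceptEAPTypes": [13],
             "PayloadCertificateAnchorUUID": ["CA-UUID-PLACEHOLDER"],
             "TLSTrustedServerNames": [],
             "TTLSInnerAuthentication": "MSCHAPv2"}},
        {"PayloadType": "com.apple.security.root",
         "PayloadUUID": "CA-UUID-PLACEHOLDER",
         "PayloadContent": b"constructed-not-a-real-certificate"},
    ],
})

if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE)) or "no findings")
```

A signed profile is CMS-wrapped and has to be unwrapped before `plistlib` can read it.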
