
Mac OS X and wireless EAP-TLS machine authentication

Hello
Our wireless network uses WPA2 Enterprise (802.1X EAP-TLS with machine-only authentication). Certificates are enrolled from a Microsoft CA (with the computer template). I have a problem with authentication, because MacOS doesn't have a setting to choose machine authentication: on the RADIUS server side (Cisco ACS), the auth request from the Mac appears as a user request, not a machine request (without the host/ prefix). Has anyone fixed this issue?

Regards,
Stas

MacBook Pro, Mac OS X (10.6)

Posted on Sep 3, 2009 9:56 AM


Sep 14, 2009 11:33 AM in response to skuchma

Two things:

- Make sure that the machine certificate is in the System keychain
- For the network card, on the 802.1X tab, you must create a System Profile (not a User profile). Select EAP-TLS and choose the machine certificate. You will probably need to augment the default "User Name" on this screen by adding "host/" (without quotes) as a prefix. This makes it so that most RADIUS servers receive the preferred user id of "host/machine.domain.com" (without quotes) and will understand that this is a machine authentication. Your mileage may vary - you may want to try it with, and without, the host/ prefix.
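
A way to check from the RADIUS side which Macs still need the "User Name" change described in the reply above. This is an added example, not part of the original posts: the key=value log layout, the hostname inventory and the function names are assumptions made for illustration, and the sample lines are constructed.

```python
import re

# Constructed sample lines; the key=value layout is an assumption,
# not the real Cisco ACS log format.
SAMPLE_LOG = """\
2009-09-14T11:02:10 identity=host/mac01.domain.com method=EAP-TLS result=pass
2009-09-14T11:03:44 identity=mac02.domain.com method=EAP-TLS result=fail
2009-09-14T11:05:02 identity=HOST/Mac03.Domain.com method=EAP-TLS result=pass
2009-09-14T11:06:30 identity=jdoe method=EAP-TLS result=fail
"""

# Hypothetical inventory of hostnames that were issued machine certificates.
MACHINE_FQDNS = {"mac01.domain.com", "mac02.domain.com", "mac03.domain.com"}

IDENTITY_RE = re.compile(r"\bidentity=(\S+)")


def classify(identity, machine_fqdns=MACHINE_FQDNS):
    """Return 'machine', 'machine-missing-prefix', 'unknown-host' or 'user'."""
    # Case-insensitive comparison is an assumption of this example.
    ident = identity.strip().lower()
    if ident.startswith("host/"):
        name = ident[len("host/"):]
        return "machine" if name in machine_fqdns else "unknown-host"
    if ident in machine_fqdns:
        # A machine certificate's hostname sent as a plain user name.
        return "machine-missing-prefix"
    return "user"


def audit(log_text, machine_fqdns=MACHINE_FQDNS):
    """Map each identity seen in the log to its classification."""
    results = {}
    for line in log_text.splitlines():
        match = IDENTITY_RE.search(line)
        if match:
            results[match.group(1)] = classify(match.group(1), machine_fqdns)
    return results


def needs_profile_fix(log_text, machine_fqdns=MACHINE_FQDNS):
    """Identities that are known machine hostnames but arrived without host/."""
    found = audit(log_text, machine_fqdns)
    return sorted(i for i, kind in found.items() if kind == "machine-missing-prefix")


if __name__ == "__main__":
    for ident, kind in audit(SAMPLE_LOG).items():
        print(f"{ident:28} {kind}")
```
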
