69 Replies Latest reply: Aug 7, 2015 11:52 PM by craigfrommelbourne
natevancouver Level 1 (10 points)

How can I create a system-wide 802.11x profile in Lion? This would allow the Mac to connect to the wireless network at startup, before login.


In Snow Leopard there was a “+” button on the 802.11x screen that let you create a system profile. In Lion you have to use the iPhone Configuration Utility (yes iPhone) to create a configuration profile, which you then import on the Mac.


But as far as I can tell that only creates a user profile. With a user profile the wireless network is not connected until after you log in.

  • DrVenture Level 2 (180 points)

    You have to use Profile Manager on Lion Server to create System Mode or Login Window mode profiles for Lion clients.

  • natevancouver Level 1 (10 points)

    Thank you. I won’t be able to do that as we aren’t using Lion Server, but it’s good to know.


    (Anyone know of a way to do it without Lion Server?)

  • DrVenture Level 2 (180 points)

    There is no way to do it without Lion server. Remember Lion server is now free. You can also do a reinstall on any Lion client (choose customize) to install server. Then just download the server app from the App store and you can configure profile manager.

  • William Lloyd Level 7 (21,047 points)

    You need Lion Server on a system to create the profiles.


    Lion Server is $50 and available from the App Store.  You'll probably want at least one machine with it to generate the profiles.


    Another option might be to script 'networksetup' to create the profiles from the command line.  This is not a trivial exercise, but would likely work if you were a command-line expert and had a bunch of knowledge about all networksetup's options and your 802.1X environment.

  • DrVenture Level 2 (180 points)

    I stand corrected. I just checked and server is indeed 50 bucks. Darn you developer preview =).


    Yes, networksetup is another option; it can be a little overwhelming. I would just spend the 50 dollars and use Profile Manager.

  • Gary_Parker Level 1 (0 points)

    Hi, I'm in a similar situation here: we operate 802.1x on both our wired and wireless network and, while our iPhone mobileconfig file is working on laptops at the moment, we can't get desktop machines to authenticate properly on the wired network.


    While we have a large Mac userbase on campus we operate a Microsoft Active Directory and have no intention of setting up a Lion server and Open Directory infrastructure just to get clients on the network. I need a way to create these Profiles without Lion Server. This is a serious problem.

  • DrVenture Level 2 (180 points)



    If you are not going to use System or Login window mode, then you can use IPCU to create the 802.1X profiles that will allow a Lion client to connect to either a wireless or wired 802.1X network. If you need System or Login window mode, then yes, you will need to set up a Lion server or use the networksetup utility.


    From my testing I have found the following to be true:


    1. A profile created with IPCU can be used for either the wireless or wired interface on a Lion client. If you want to create a wired profile, just enter bogus info for the SSID, the wired interface will ignore it. If you decided to check out Lion server, you can specify wired or wireless interfaces, so you do not have to enter a bogus SSID if you want a "wired" only profile.


    Another thing is again with Profile Manager (Lion Server), WiFi 802.1X profiles can be used with wired interfaces, however, wired 802.1X profiles CANNOT be used with WiFi because it lacks an SSID.


    2. Lion client now supports an "802.1X automatic" mode with wired. Meaning, if you plug a Lion client into a switch that supports 802.1X authentication, the Lion client will start the EAPOL supplicant when it sees an EAP ID request. If the EAP type can be auto neg by the Lion client, it will prompt the user to enter user credentials, or a cert (in the case of TLS). So a profile is not needed in this case.


    If this auto connection mode is not desired, you can turn it off by going to System Prefs - Network - choose the Eth interface - advanced - 802.1X tab. You will see a check box to enable automatic connection.


    Hope this helps

  • Tunc Level 1 (20 points)

    Is there any documentation or how-to about creating system profiles for wifi/ethernet in Lion Server?

  • cbrew325 Level 1 (15 points)

    Create a User level profile using either IPCU or the Profile Manager in Lion Server.


    Once created, edit the file and add the following:





    This should make your profile device level as opposed to user level.

  • Tunc Level 1 (20 points)

    thanks. I will try it.


    So I assume there is no other way to do it. It's a bad thing actually, if the profile file is encrypted.


    Thanks again. And this should be the answer to this discussion, not some reply with Lion Server being free...

  • Steve-1029 Level 1 (5 points)

    LION on MBP


    Once I use the IPCU tool

    How the heck do you "save" the profile

    and then get the LION WiFi to use it ???



  • Tunc Level 1 (20 points)

    You can export to a file and double click, or email yourself and open it.


    By the way, the system profile didn't work...

  • MennoTech Level 1 (0 points)

    This is what worked for me:


    To get a system to work with an IPCU mobileconfig, create a working “user” profile and add the following items:


    Starting the line immediately below the SSID_STR key’s ‘<string>’ value, add this:







    Change "System" to "Loginwindow" to create a Login Profile


    Insert these lines immediately above the bottom-most PayloadType key line:






    I was able to get both a System profile and a Login Profile working. No Lion servers involved for me, just the iPhone Configuration Utility.


    Taken from:

  • cbrew325 Level 1 (15 points)

    That's the missing piece to this puzzle.  Thank you very much.
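
An added example, not part of any post in this thread: the XML snippets the posts refer to did not survive on this page, and this check does not reproduce them. It reads a .mobileconfig and reports whether each 802.1X payload is set for User, System or Loginwindow mode, assuming Apple's documented `SetupModes` and `PayloadScope` keys; the sample profile is constructed.

```python
import plistlib

PRE_LOGIN_MODES = {"System", "Loginwindow"}

# Constructed sample, not taken from the thread: a Wi-Fi payload with 802.1X settings.
SAMPLE_PROFILE = {
    "PayloadType": "Configuration",
    "PayloadScope": "System",  # assumed key: profile-level scope
    "PayloadContent": [{
        "PayloadType": "com.apple.wifi.managed",
        "SSID_STR": "example-ssid",
        "SetupModes": ["Loginwindow"],  # assumed key: connection mode
        "EAPClientConfiguration": {"AcceptEAPTypes": [25]},
    }],
}

def classify_8021x_payloads(profile_bytes):
    """Describe when each 802.1X payload in a profile will authenticate."""
    try:
        profile = plistlib.loads(profile_bytes)
    except plistlib.InvalidFileException as exc:
        # Signed or encrypted profiles are CMS-wrapped, not a bare plist.
        raise ValueError("not a plain plist; unwrap the signed profile first") from exc
    scope = profile.get("PayloadScope", "User")  # User is the documented default
    findings = []
    for payload in profile.get("PayloadContent", []):
        if "EAPClientConfiguration" not in payload:
            continue  # not an 802.1X payload
        modes = payload.get("SetupModes") or ["User"]
        pre_login = any(m in PRE_LOGIN_MODES for m in modes)
        findings.append({
            "ssid": payload.get("SSID_STR"),
            "modes": modes,
            "profile_scope": scope,
            "pre_login": pre_login,
            # Assumption: a pre-login mode is expected alongside System scope.
            "scope_mismatch": pre_login and scope != "System",
        })
    return findings

if __name__ == "__main__":
    for row in classify_8021x_payloads(plistlib.dumps(SAMPLE_PROFILE)):
        print(row)
```

Running it against an exported profile before deployment shows whether the machine will join the network before login or only after a user signs in.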
