How can I create an 802.11x system profile?

You have to use Profile Manager on Lion Server to create System Mode or Login Window mode profiles for Lion clients.

There is no way to do it without Lion server. Remember Lion server is now free. You can also do a reinstall on any Lion client (choose customize) to install server. Then just download the server app from the App store and you can configure profile manager.

You need Lion Server on a system to create the profiles.

Lion Server is $50 and available from the App Store. You'll probably want at least one machine with it to generate the profiles.

Another option might be to script 'networksetup' to create the profiles from the command line. This is not a trivial exercise, but would likely work if you were a command-line expert and had a bunch of knowledge about all networksetup's options and your 802.1X environment.

I stand corrected. I just checked and server is indeed 50 bucks. Darn you developer preview =).

Yes, networksetup is another option it can be a little overwhelming. I would just spend the 50 dollars and use profile manager.

Hi, I'm in a similar situation here: we operate 802.1x on both our wired and wireless network and, while our iPhone mobileconfig file is working on laptops at the moment, we can't get dekstop machines to auhenticate properly on the wired network.

While we have a large Mac userbase on campus we operate a Microsoft Active Directory and have no intention of setting up a Lion server and Open Directory infrastructure just to get clients on the network. I need a way to create these Profiles without Lion Server. This is a serious problem.

Gary,

If you are not going to use System or Login window mode, then you can use IPCU to create the 802.1X profiles that will allow a Lion client to connect to either a wireless or wired 802.1X network. If you need System or Login window mode, then yes, you will need to set up a Lion server or use the networksetup utility.

From my testing I have found the following to be true:

1. A profile created with IPCU can be used for either the wireless or wired interface on a Lion client. If you want to create a wired profile, just enter bogus info for the SSID, the wired interface will ignore it. If you decided to check out Lion server, you can specify wired or wireless interfaces, so you do not have to enter a bogus SSID if you want a "wired" only profile.

Another thing is again with Profile Manager (Lion Server), WiFi 802.1X profiles can be used with wired interfaces, however, wired 802.1X profiles CANNOT be used with WiFi because it lacks an SSID.

2. Lion client now supports an "802.1X automatic" mode with wired. Meaning, if you plug a Lion client into a switch that supports 802.1X authentication, the Lion client with start the EAPOL supplicant when it sees an EAP ID request. If, the EAP type can be auto neg by the Lion client, it will prompt the user to enter user credentials, or a cert (in the case of TLS). So a profile is not needed in this case.

If this auto connection mode is not desired, you can turn it off by going to System Prefs - Network - choose the Eth interface - advanced - 802.1X tab. You will see a check box to enable automatic connection.

Hope this helps

Is there a documentation or how-to about creating system profiles for wifi/ethernet in Lion server ??

Create a User level profile using either IPCU or the Profile Manager in Lion Server.

Once created, edit the file and add the following:

<key>PayloadScope</key>

<string>System</string>

This should make your profile device level as opposed to user level.

thanks. I will try it.

So I assume, there is no other way to do it. It's a bad thing actually, if the profile file encrypted is.

Thanks again. And these should be the answer to these discussion, not some reply with lion server being free...

LION on MBP

Once I use the IPCU tool

How the heck do you "save" the profile

and then get the LION WiFi to use it ???

steve

You can export to a file and double click, or email yourself and open it.

By the way, the system profile didn't work...

This is what worked for me:

To get a system to work with an IPCU mobileconfig, create a working “user” profile and add the following items:

Starting the line immediately below the SSID_STR key’s ‘<string>’ value, add this:

<key>SetupModes</key>

<array>

<string>System</string>

</array>

Change "System" to "Loginwindow" to create a Login Profile

Insert these lines immediately above the bottom-most PayloadType key line:

<key>PayloadScope</key>

<string>System</string>

I was able to get both a System profile and a Login Profile working. No Lion servers involved for me just the iPhone Configuration Utility.

Taken from: http://www.iphoting.com/blog/archives/817-Lion-Wireless-Access-in-SMU.html

That's the missing piece to this puzzle. Thank you very much.

Yes I think I can create a Wireless profile using IPCU

but can anyone tell me how to get the Profile to be recognized by the MBP that I am using ?

I see things about Exporting via e-mail etc but all I want to do is to create a wireless profile to use on THIS Machine

the same facility that existed in Snow Leopard but has somehow been removed in LION ?