802.1x add profile ?

From Apple Help

You can connect to a Wi-Fi or Ethernet network that is protected by the Institute of Electrical and Electronics Engineers (IEEE) 802.1X standard. The 802.1X standard is designed to enhance the security of local area networks.

In most cases your network administrator provides a configuration profile that contains the information and settings you need to authenticate with the network.

When you download the profile from the web or open the attachment using Mail, the computer recognizes the .mobileconfig extension as a configuration profile and begins installing when you click Install.

During installation, you may be asked to enter any necessary information, such as passwords that weren’t specified in the profile, and other information as required. Enter any password necessary to use certificates included in the profile.

1. Choose Apple menu > System Preferences, and then click Network.
2. Select the network service you want to use, such as Ethernet or Wi-Fi, from the list.
3. Click Connect. If you have installed multiple profiles, choose the one you want to use from the 802.1X pop-up menu, and then click Connect.

If you are connecting to an Ethernet network that uses 802.1X and want to connect automatically to the network when it’s detected, click Advanced, and then click 802.1X. Select “Enable automatic connection.”

Ask your network administrator or service provider if you need more information.

Hi, I was read this article but I have a wired 802.1X network and the automatic connection doesnt work. Actualy my MacBook work fine because have import the profile from Snow Leopard, but at the moment I receive a new MAC with Lion and I dont know how I can import or use it on this wired Network.

Any suggest? thank!!!

Really, I'm getting tired of this Lion thing that Apple calls the most advanced desktop in the world. First the versions and auto-save as discussed in another thread and now I can't connect to wireless networks on Lion. Why did the add 802.1x button disappear? The smart users have to became dumb because others can't set up a wireless network? If I could I would be installing some Linux flavour and leaving Apple. Snow Leopard was the last thing that connected me to Apple ecosystem.

This is how I solved it:

searched a config file for Lion (http://www.wireless.bris.ac.uk/eduroam/instructions/go-lion/) on the Web and modified it with the right values for my access. I hope it will help others.

I agree completely joaomcarvalho. I was having problems connecting to my university network with Lion, so I tried deleting the profile. Big mistake because now I can't get on at all. This is completely unacceptable.

How do any of you, or does Apple, suggest that we acquire a profile when our system administrator does not support Lion yet?

I work at a school and foolishly upgraded to Lion before my school has done so. I already had a Snow Leopard profile on our network, and would be prompted to login when I was either wireless or plugged in with ethernet.

Lion isn't giving me that option and no one seems to be able to provide me with a profile to log in.

HELP!

+1

Same problem : no profil available in my university for Eduroam. I will have to wait very long before the administrator takes some time to repair a lost connexion with Lion, when all worked fine with 10.6

This is not a good advertising for Lion, and I look stupid with my 3G key in class room with no RJ45 plug.

I have the same problem. I can't connect to my university's wireless network neither to a wired network in dorm, both using 802.1x.

Both university and dorm does not provide any support for Lion and I dont't expect that to happen in near future.

How can I create a profile for wired network that uses PAP/TTLS? iPhone Configuration Utility doesn't seem too useful.

If your school uses TTLS with PAP (LDAP backend) then yah, the auto connection with ethernet will not help you. That is because the default EAP type that is supported is TTLS MSCHAPv2 (which is a bit more secure that PAP --ya ya, I know it is not fool proof).

Anyway, all is not lost.

You have three choices on how to get an 802.1X profie that supports TTLS with PAP onto your Mac.

1. Download iPCU and create a .mobileconfig file

2. Buy Lion server and use Profile Manager

3. Create a .mobileconfig (xml file) from scratch

Options 2 and 3 are kind of a pain in the rear, so let's stick with option 1.

Please put on your learning hat now 😉

**Please note this example is for a wired OR wireless 802.1X connection that requires TTLS and PAP for Lion clients**

1. Download and install the iPCU http://support.apple.com/kb/DL851

2. Open the iPCU (the iPCU is install in Applications - Utilities)

3. In the right hand side click on Configuration Profiles.

4. Click on New. (upper left)

5. You will see a new profile with a bunch of payloads (general, passcode, restrictions, etc). Don't worry you do not need to fill most of these out.

6. Click on General and fill out a Profile Name, Identifier (they can be anything) the rest of the fields you can leave blank. I used spam and spam. 🙂

7. Now click on WiFi. Do be scared here. Lion can use WiFi profiles for Ethernet (it will just ignore the SSID field). Click configure.

7a. For SSID ..If your school has a wireless network that uses TTLS with PAP, fill in the SSID name (wireless network name) that your school uses. If your school does not use wireless, then just use an label (e.g. spam).

7b. Ignore the hidden network field (unless of course your school uses a hidden SSID and you want to use wireless for this connection).

7c. Security Type ..Again if this is for ethernet, just use WPA/WPA2 Enterprise. If this profile is going to be used for WiFi, then you need to find out what type of security your school uses. Most likely it will be WPA/WPA2 Enterprise (I hope).

7d. Once you choose WPA/WPA2 Enterprise you will see more options appear. Choose TTLS.

7e. Ignore EAP-FAST settings. Leave all boxes unchecked for EAP-FAST.

7f. For Inner Authenticaiton choose PAP.

8. You will see three tabs, one for protocol (that you already filled out), one for Authentication and one for Trust. You can ignore trust unless you have the certificate from the radius server already loaded on your client. Don't worry if you do not have the cert, the Mac will load it (with your permission) during the first authentication. Ignore the Authentication tab for now.

9. Now look at the top left of the tool and choose Export

9a. for Security, just choose none (don't worry about signing it)

9b. Hit Export.

10. You will get a Save As dialogue box. Give the profile a name (like spam 😉 or something) and choose where you would like to save the profile.

11. Now goto where you save your profile and double click it. System Prefs will launch and try to install the profile.

11a. Just hit continue and continue again.

11b. You will be prompted for "settings" which are the username and password. You can either just hit install (the eapol supplicant will ask you for your credentials during the authentication phase) or you can fill them out now. BE SURE TO INPUT THE CORRECT INFORMATION!!!!. If you insert a bad username or password into this field, it will get saved as a keychain entry (with bad info) and you will never be able to connect. The Mac will just silently fail authentication until you delete the keychain entry and do a fresh auth. Save yourself some trouble and leave the fields blank and just hit install.

11c. You will be prompted for your admin password to install the profile.

12. The profile should be installed now.

13. In system prefs, click show all then click network.

14. If you click on your Ethernet interface you should now have a nifty "connect" button now. Connect via Ethernet into the school's 802.1X protect network and hit connect.

At this point you should get prompted for your credentials and then prompted to accept the RADIUS server's certificate.

You should be good to go now.

Here endith the lesson. Hope it works for you guys. 😎

Tnx m8! Will try in a few days and report back!

Worked like a charm. Thank you sir, you are a gentleman and a scholar.

Neat. Thanks DrVenture!!

Using the iPCU worked perfectly! Thanks so much!

thank you dr. venture!

It works! Thank you!