Subject’s a mouthful eh? Basically, I needed for my 10.7 Macs to authenticate to our RADIUS wireless network using PEAP authentication & the Mac’s Certificate from our domain.
Below are the steps taken.
Contents
Pre-reqs
The Macs need to be bound to AD and managed by Jamf.
With these items covered, the below can be attempted.
Steps
- Follow this Apple KB article to get the Mac Client to request a certificate from our Domain. upload this & deploy toyour 10.7 clients as a Computer Level profile.
- Next create a new Computer Level Configuration Profile in our JSS with our Wireless Networks SSID & certificates.Under Protocols, tick PEAP, Directory Authentication & in the Username field enter “$COMPUTERNAME” (as below)
The Mac client should now authenticate as itself to the RADIUS server using it’s certificate from AD.
Can this work without JSS? I’ve configured peap-eap with a godaddy certificate for machine authentication and can’t get our macs that are not joined to the domain connected to the wireless.