Authenticating 10.7 Macs To A RADIUS Server With Certificate Enabled PEAP Authentication

Standard

Subject’s a mouthful eh? Basically, I needed for my 10.7 Macs to authenticate to our RADIUS wireless network using PEAP authentication & the Mac’s Certificate from our domain.

Below are the steps taken.

Pre-reqs

The Macs need to be bound to AD and managed by Jamf.

With these items covered, the below can be attempted.

Steps

  1. Follow this Apple KB article to get the Mac Client to request a certificate from our Domain. upload this & deploy toyour 10.7 clients as a Computer Level profile.
  2. Next create a new Computer Level Configuration Profile in our JSS with our Wireless Networks SSID & certificates.Under Protocols, tick PEAP, Directory Authentication & in the Username field enter “$COMPUTERNAME” (as below)

The Mac client should now authenticate as itself to the RADIUS server using it’s certificate from AD.

One thought on “Authenticating 10.7 Macs To A RADIUS Server With Certificate Enabled PEAP Authentication

  1. brandon

    Can this work without JSS? I’ve configured peap-eap with a godaddy certificate for machine authentication and can’t get our macs that are not joined to the domain connected to the wireless.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.