Subject’s a mouthful eh? Basically, I needed for my 10.7 Macs to authenticate to our RADIUS wireless network using PEAP authentication & the Mac’s Certficate from our domain.
Here’s the steps I took:
- I followed this Apple KB article to get the Mac Client to request a certificate from our Domain. I then uploaded this & deployed to my 10.7 clients as a Computer Level profile.
- Next I created a new Computer Level Configuration Profile in our JSS with our Wireless Networks SSID & certificates.Under Protocols, tick PEAP, Directory Authentication & in the Username field enter “$COMPUTERNAME,” (as below, click to enlarge).
The Mac client should now authenticate as itself to the RADIUS server using it’s certificate from AD.
Can this work without JSS? I’ve configured peap-eap with a godaddy certificate for machine authentication and can’t get our macs that are not joined to the domain connected to the wireless.