Yosemite automatically login as computer on AD

  • 1
  • Question
  • Updated 3 years ago
This isn't an Aerohive problem, but I thought I'd ask here anyways.  Our Apple server is pushing out a wireless 802.1x ssid to our mac wireless clients with the option set in profile manager for automatically joining the wireless network.  Our Apple devices running Mavericks automatically login to the wireless upon powering the devices on, logging in as the computername in AD.  After this happens, domain users can login using their AD credentials.  In testing, our Apple devices running Yosemite do not login to the wireless unless we login as a local user first even though the settings from profile manager are the same and applied to the device, not user.  Do the settings need to be different for Yosemite to work?
Photo of Vernon Montford

Vernon Montford

  • 17 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Eric

Eric

  • 15 Posts
  • 1 Reply Like
Good question! It's a bit tricky. You need to create a "machine" 802.1X profile, and this is not something you can set up directly from your Mac. If you configure WiFi via your settings you will create a "user" 802.1X profile, which means you're only on the network once you've logged in (which would be using your cached credentials).

 

To create a "machine" 802.1X profile (so the machine logs into the network as soon as it comes up), you need to create a configuration profile. Apple has a white paper which explains this a bit: http://training.apple.com/pdf/WP_8021X_Authentication.pdf

 

You will need to use Profile Manager (which comes with OS X Server) to create these profiles, or I guess you can hand-code them with XML. There's a lot to learn the first time around with this, but it's not all that complicated.

 

BTW there are a number of additional white papers and technical resources that Apple has for integrating Macs into a corporate environment. They're all linked off this page here: http://training.apple.com/osx

Photo of Vernon Montford

Vernon Montford

  • 17 Posts
  • 0 Reply Likes
I knew that suggestion would come up. :) I went through that document earlier.  We are using profile manager and the wireless settings are applied to the device, not the user.  Per that document, as I understood it which may be wrong, the profile should be a system profile when applied to the device so login should happen to the wireless ssid before the user logs in.

It all works with Mavericks just like the white paper says.  It is only Yosemite that isn't cooperating.
Photo of Eric

Eric

  • 15 Posts
  • 1 Reply Like
Are these clean installs of yosemite or upgrades? If it is upgrades have you tried removing /Library/Preferences/SystemConfiguration and letting it be recreated? (note that it is /Library/..., not the Library folder in the home directory)
Photo of Vernon Montford

Vernon Montford

  • 17 Posts
  • 0 Reply Likes
The computer we are testing with now is a clean install, but we've had profiles on it multiple times by now.  We deleted the password from keychain, deleted all profiles, deleted the SystemConfiguration folder like you suggested, and removed the computer from the domain.  Then we readded the computer to the domain and reset the computer's password from keychain into the computer's network profile on profile manager.  Then we downloaded trust, network, and certificate profiles from profile manager to the laptop.

Now the laptop won't auto-login to the ssid as the computer or when we login as administrator.  The prompt is coming up for us to enter the wifi username and password even though we have entered that information into the network profile that we downloaded.

Windows Active Directory wifi GPO's are so much easier! :)
(Edited)
Photo of Vernon Montford

Vernon Montford

  • 17 Posts
  • 0 Reply Likes
We redid everything this morning deleting all of the settings and rebooting and now the Yosemite logins work right.  We also used the "Use Directory Authentication" checkbox instead of manually putting the in password and that works as well.

I have no clue which of the changes fixed this exactly since we added and deleted a few things, but now that we have a working Yosemite laptop I am confident we can make the others work.

Thanks Eric!