Does 10.7 offer a dialog box for wired 802.1x authentication?

Discussion in 'Mac OS X Lion (10.7)' started by Eddyisgreat, Jun 23, 2011.

  1. Eddyisgreat macrumors 601

    Joined:
    Oct 24, 2007
    #1
    As the title implies, i wanted to see if anyone who has access to a wired 802.1x network can confirm that the behavior has changed from 10.5/10.6.

    As many will know, it's a giant PITA at the present. OS X will not connected to the wired network unless you manually hit "connect" in network settings. This is different than with wireless 802.1x auth where it'll ask for your credentials whenever you attempt to access the network.

    Please let me know your experiences!

    Thanks!
     
  2. Heston macrumors regular

    Joined:
    Feb 13, 2007
    #2
    I have no idea, but I can attest to it being a major problem for WIRELESS on my end.

    Have you tried using iPhone Configuration? Supposedly that helps
     
  3. CyBeRino macrumors 6502a

    Joined:
    Jun 18, 2011
    #3
    Though I am unable to test this, I believe it cannot really be done, unless you want it to simply always try to do 802.1x. The thing is that unlike with wireless networks, a station can't really detect the requirement to use 802.1x with wired networks. It'll just find itself staring at a silent network port. Wireless networks actually tell the station that they're using 802.1x, WEP or WPA.
     
  4. Eddyisgreat thread starter macrumors 601

    Joined:
    Oct 24, 2007
    #4
    I haven't tried wireless in my own network config but i'm scared none the less, although i've used other 802.1x networks that seemed to work fine. My hope is to atleast allow clients to auth at the login window, which seems to be possible now (albeit ONLY over wireless).

    It should be possible. When I monitor traffic between a windows workstation and the switch, I can see the switch (HP, btw) asking the client to provide credentials which invokes the following box (imaged below), Unless i'm misunderstanding the handshake process. I can't understand why we can't do the same on OS X.
     

    Attached Files:

  5. ntdogg511 macrumors newbie

    Joined:
    Mar 4, 2008
    #5
    We utilize a 802.1x wired and wireless network at my office and I can say that Lion is a definite improvement over SL in terms of it connecting, especially on the wired side of things. I totally feel your pain with users constantly having issues connecting to .1x networks. It will now store the credentials in keychain for a user profile which is huge for me. Also you can set it up to utilize login credentials to join, but you need to create the profile using the configuration utility included in either ARD 3.5 or Server Tools for Lion. Using the current iphone tool for SL results in it working, but not correctly. I'm not super happy about the profiles thing, I personally being an admin want to be able to configure .1x on the fly, but if you have a copy of the configuration utility on your laptop it's not too much work, but just seems like an extra step over SL. The ability to push the profiles is welcome though as I never got it to push .1x settings correctly via ARD on SL.

    If you have any other questions let me know, I have Lion running as my primary OS right now and daily I come into our office, hop on the network and I'm placed in the right VLAN with no issues from .1x HUGE over my daily routine on SL.
     
  6. Eddyisgreat thread starter macrumors 601

    Joined:
    Oct 24, 2007
    #6
    This is exactly what I wanted to hear. I actually abandoned the 802.1x rollout at work and opted for mac addy port protection and static vlans but we can throw it back in the mix if OS X clients associate properly.

    No questions right now but thanks for your comments; it gives hope.
     
  7. Heston macrumors regular

    Joined:
    Feb 13, 2007
    #7
    Could you help me out in using my school's wireless 802.1x? I really don't know what I'm doing when it comes to networks, but the website at our school (http://www.uic.edu/depts/accc/network/wireless/macleopard.html) says to use TTLS, LEAP, PEAP, MD5. How on EARTH do I set this up? Lion tries to connect, but keeps on asking for my credentials. I've tried to use the iPhone Configuration tool, but honestly, I'm thinking I'm just using it wrong. I created a profile and added in all this stuff (nowhere in the tool does it allow me to click on MD5) and when I connect, sometimes Lion allows me to use the configuration I've created, but it still doesn't work. Ah!! Drives me crazy.
     
  8. Heston macrumors regular

    Joined:
    Feb 13, 2007
    #8
    Turns out my school doesn't support Lion yet and probably won't have anything developed for connection for a while. Apparently, and this is crazy, they still don't have connectivity for Android phones.
     
  9. justinfreid, Jul 14, 2011
    Last edited: Jul 14, 2011

    justinfreid macrumors 6502

    justinfreid

    Joined:
    Nov 24, 2009
    Location:
    NEW Jersey / USA
    #9
    If your school provides a .mobileconfig file intended to allow 802.1X support on iOS devices, you can import it just as easily into Lion. I've tested it, it works for me. You can also use the iPhone Mobile Phone Utility to get around Apple's omission of the plus button (previously there to create and manually configure 802.1X profiles) in 802.1X settings. Idea care of: http://blog.affien.com/archives/2011/03/16/802-1x-configuration-profile-on-lion-mac-os-x-10-7/.

    I can't understand why Apple decided to omit the ability for users to configure 802.1X without downloading a profile, which is really only a file containing XML that corresponds to the fields previously available in Snow Leopard and earlier. Sometimes getting online is contingent upon setting up 802.1X making it difficult to get the profiles.
     

Share This Page