802.1x add profile ?

802.1x no(+) add profile button ??? help

If your school uses TTLS with PAP (LDAP backend) then yah, the auto connection with ethernet will not help you. That is because the default EAP type that is supported is TTLS MSCHAPv2 (which is a bit more secure that PAP --ya ya, I know it is not fool proof).
Anyway, all is not lost.
You have three choices on how to get an 802.1X profie that supports TTLS with PAP onto your Mac.
1. Download iPCU and create a .mobileconfig file
2. Buy Lion server and use Profile Manager
3. Create a .mobileconfig (xml file) from scratch
Options 2 and 3 are kind of a pain in the rear, so let's stick with option 1.
Please put on your learning hat now
**Please note this example is for a wired OR wireless 802.1X connection that requires TTLS and PAP for Lion clients**
1. Download and install the iPCU    http://support.apple.com/kb/DL851
2. Open the iPCU (the iPCU is install in Applications - Utilities)
3. In the right hand side click on Configuration Profiles.
4. Click on New. (upper left)
5. You will see a new profile with a bunch of payloads (general, passcode, restrictions, etc). Don't worry you do not need to fill most of these out.
6. Click on General and fill out a Profile Name, Identifier (they can be anything) the rest of the fields you can leave blank. I used spam and spam. 
7. Now click on WiFi. Do be scared here. Lion can use WiFi profiles for Ethernet (it will just ignore the SSID field). Click configure.
7a. For SSID ..If your school has a wireless network that uses TTLS with PAP, fill in the SSID name (wireless network name) that your school uses. If your school does not use wireless, then just use an label (e.g. spam).
7b. Ignore the hidden network field (unless of course your school uses a hidden SSID and you want to use wireless for this connection).
7c. Security Type ..Again if this is for ethernet, just use WPA/WPA2 Enterprise. If this profile is going to be used for WiFi, then you need to find out what type of security your school uses. Most likely it will be WPA/WPA2 Enterprise (I hope).
7d. Once you choose WPA/WPA2 Enterprise you will see more options appear. Choose TTLS.
7e. Ignore EAP-FAST settings. Leave all boxes unchecked for EAP-FAST.
7f. For Inner Authenticaiton choose PAP.
8. You will see three tabs, one for protocol (that you already filled out), one for Authentication and one for Trust. You can ignore trust unless you have the certificate from the radius server already loaded on your client. Don't worry if you do not have the cert, the Mac will load it (with your permission) during the first authentication. Ignore the Authentication tab for now.
9. Now look at the top left of the tool and choose Export
9a. for Security, just choose none (don't worry about signing it)
9b. Hit Export.
10. You will get a Save As dialogue box. Give the profile a name (like spam or something) and choose where you would like to save the profile.
11. Now goto where you save your profile and double click it. System Prefs will launch and try to install the profile.
11a. Just hit continue and continue again.
11b. You will be prompted for "settings" which are the username and password. You can either just hit install (the eapol supplicant will ask you for your credentials during the authentication phase) or you can fill them out now. BE SURE TO INPUT THE CORRECT INFORMATION!!!!. If you insert a bad username or password into this field, it will get saved as a keychain entry (with bad info) and you will never be able to connect. The Mac will just silently fail authentication until you delete the keychain entry and do a fresh auth. Save yourself some trouble and leave the fields blank and just hit install.
11c. You will be prompted for your admin password to install the profile.
12. The profile should be installed now.
13. In system prefs, click show all then click network.
14. If you click on your Ethernet interface you should now have a nifty "connect" button now. Connect via Ethernet into the school's 802.1X protect network and hit connect.
At this point you should get prompted for your credentials and then prompted to accept the RADIUS server's certificate.
You should be good to go now.
Here endith the lesson. Hope it works for you guys.

Similar Messages

  • In Snow Leopard, is there a way to import a wireless 802.1x System Profile via Terminal?  If so how?

    I am trying to deploy a Snow Leopard image via Casper running on a Lion server.  Everything works fine but I'd like to be able to have the image include a wireless 802.1x system profile without having to do it manually post.  I had it as part of my base image but for whatever reason it breaks during the process so I'd like to be able to create a task sequence to deploy it during the image process.  What's the best way to do this?  Thanks in advance!

    Hey SchenkerBob,
    It is possible to disable non-system fonts temporarily for all applications using the Font Book application. This article explains how to do so -
    Mac Basics: Font Book - Apple Support
    In particular -
    Disable and enable specific fonts
    In situations where you'd like to prevent a font from being available in applications, but you don't want to completely remove the font from your Mac, you can use Font Book to disable the font.
    In Font Book, click "All Fonts" in the Collection column.
    Click the name of the font in the Font column.
    Choose Disable "Font Name" Family from the Edit menu.
    Since it might be problematic to have to disable each font individually, you can create a collection of fonts and disable the collection. See the article for how to create a font collection -
    Organize fonts as collections
    When working with fonts, you may discover that you use certain fonts frequently, but rarely use others. To make it easier to find the font you are looking for, you can organize your fonts into collections.
    From the Font Book File menu, choose New Collection.
    Type in a name for the new collection.
    Click "All Fonts" in the Collection column.
    Drag the fonts that you want from the Font column onto the name of your new collection in the Collection column.
    You can then disable collections of fonts -
    You can also disable or enable all fonts in a collection: Click the name of the collection in the Collection column, then choose Disable "Collection Name" or EnableCollection Name" " from the Edit menu. 
    Thanks for using Apple Support Communities.
    Happy computing,
    Brett L 

  • How to add Profile Picture in Jabber

    I would like to ask, how to add profile picture in Jabber ?
    For your information, my callmanager with 10.5.1.10000-7 version have been integrated with Active Directory in Windows Server 2008
    Thanks and Best Regads,
    Ferly

    Hi Ferly,
    Cisco Jabber by default will fetch the image from AD using the thumbnailPhoto attribute once it is configured on AD.
    Please check "Contact Photo Retrieval with EDI"
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_7/JABW_BK_C4C679C9_00_cisco-jabber-for-windows-97/JABW_BK_C4C679C9_00_cisco-jabber-for-windows-97_chapter_0111.html#CJAB_RF_C9FFDD8D_00
    HTH
    Manish

  • Receive: "Add Profile Failure: Invalid Profile XML" error when adding WWAN profile - Windows 7

    I'm trying to import below XML profile to Windows 7 machine and no matter what profile i use (even the one it was on that computer originally it gives me an error.
    Command:
    netsh mbn add profile interface="Mobile Broadband Connection" name="test.xml"
    test.xml is in c:\temp folder.
    <MBNProfile xmlns="http://www.microsoft.com/networking/WWAN/profile/v1">
    <Name>TestProfile</Name>
    <IsDefault>true</IsDefault>
    <ProfileCreationType>UserProvisioned</ProfileCreationType>
    <SubscriberID>01.........................00000</SubscriberID>
    <SimIccID>89480............9713302</SimIccID>
    <HomeProviderName>02</HomeProviderName>
    <AutoConnectOnInternet>true</AutoConnectOnInternet>
    <ConnectionMode>manual</ConnectionMode>
    <Context>
    <AccessString>Internet</AccessString>
    <Compression>DISABLE</Compression>
    <AuthProtocol>NONE</AuthProtocol>
    </Context>
    </MBNProfile>
    Tried these steps:
    - configured the setting using UI and test connection - it worked.
    - copied that profile from path: C:\ProgramData\Microsoft\WwanSvc\Profiles to
    c:\temp and renamed it to test.xml
    - closed the connection and run command: netsh mbn delete profile interface="Mobile Broadband Connection" name=TestProfile
    - and then tried to add the profile under changed name (no profile changes made): netsh mbn add profile interface="Mobile Broadband Connection" name="test.xml"
    - received very nice message: Add Profile Failure: Invalid Profile XML
    I'm stuck, help?

    Hey,
    Got an answer. It required some debugging, but I end up finding it.
    When you add that profile, system executes a function which compares Subscription ID tag with the one it has in system already. If one is already there then overwrites the profile, if NULL adds the profile. Problem is, as soon as any of
    the profiles are configured manually to redistribute later, the Subscription ID tag is encoded. And window doesn't know how to decode it, so it fires an error. 
    The Subscription tag is an IMSI number, when you right click it on your connection and go to properties, you will see it there, 15 digits. Copy it and paste it to the XML file replacing encoded number.
    It works as a charm.
    I leave deployment methods to you... :)
    Not so happy to answer my own question, but what a heck... glad to help even one person :)

  • Help with 802.1x wifi profile

    Hi All,
    I am in a bit of a bind.  I have been tasked with creating an 802.1x profile for Lion and up machines based on the profiles we use for our Windows machines and I have not been able to get this to work.  Our radius server is Win 2K8 R2 based, and uses various AD based methods for authentication.
    Radius needs the following:
    - Microsoft: Protected EAP (PEAP)
    - TLS (for MSCHAPv2 settings)
    PEAP Properties
    - Validate server certificate
    - Authentication Method:  EAP-MSCHAPv2 with Fast-Reconnet enabled
    MSCHAPv2 will use the user's AD credentials.
    Radius also requires that machine be found in AD.  Our CA admin has given me certs to add to the macs for this portion.
    I guess I am just very confused as to what info goes where.  I've had a look at this:
    http://www.revolutionwifi.net/2012/02/mac-os-x-lion-creating-wi-fi-8021x.html
    but I still can't figure this out.
    Can anyone provide any guidance on setting up 802.1x in this kind of a scenario?
    Thanks!

    The official documentation is below. I don't know anything that isn't in that document.
    http://training.apple.com/pdf/WP_8021X_Authentication.pdf

  • Windows 7 802.1x wifi profile issue with cached credentials

    We have a wireless network that is setup as WPA2-Enterprise AES using 802.1x. We have a user that is constantly having his account locked out. When we trace where it's coming from, it's from our
    radius server (which is only used for this one wireless network). We have already deleted the profile and recreated it. If we uncheck the option to remember the username/password, and enter that manually at prompt, it connects fine. As soon as we check that
    option back, it fails and will keep failing and eventually lock out his acocunt. We have recreated his user profile and the wifi profile with no luck. I've done the following http://security.stackexchange.com/questions/15574/how-do-i-clear-cached-credentials-from-my-windows-profile
    but to no avail. There are no credentials listed when I go this route. Can someone shed light as to where it is hiding these credentials?

    Hi
    Maybe change settings on RADIUS server to allow more than 5 successive login attempts.
    If you look at the windows security log on the radius server can you see if it giving errors of bad username or password?
    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • 802.1x System Profile HELP, Please!!!

    Server : Xserve, 10.8.5
    Clients : Mix, 10.6.8, 10.8.5
    To who ever may be able to help me,
    I am the tech director for a school district and manage about 800 Apple laptops ranging from old MacBooks to the latest MacBook Pro. We utilize the LDAP service on our Apple server for authentication via 802.1x. Our entire district uses Aruba Network controllers and access points to privde wireless to our clients. For termination we use PEAP and EAP-GTC. Please don't ask me why we are using those methods, it was set up like that before I started and I am not very familiar with all these protocols and authentication methods. All of our students have network only accounts, nothing is ever saved to the client devices, so they require the system profile to be configured in order for the wireless to be active at the log-in window. I have preconfigured each of our 10.6 clients to authenticate this way with a preconfigured user name and password stored in a profile that I exported from the network preferences, because you used to be able to do that.
    Now I am sitting on a pile of newly shipped MacBookPros that, guess what, have 10.8 on them and I am dealing with profiles made by profile manager. Obviously I am here because this is not going well.
    I have created a profile in Profile Manager that has all the information I can provide.
    Interface is set to WiFi
    SSID is set properly
    It is a hidden network, so that box is checked
    Auto Join is checked
    I have no Proxy
    Security type is WPA2
    I have checked, to Use as a log in window configuration
    PEAP is checked
    Password is entered
    I have also added the certificate that the wireless network asks for when manually connecting
    Additionally, I have looked at the profile in Text Edit and confirmed all of the key values are correct.
    The profile will successfully install but it will never connect to the network, it will just sit there authenticating. I can manually connect just fine using the same user name and password I used in the profile. I am stuck. If anyone has any tips for me, I would greatly appreciate it.

    I am experiencing exactly the same issue in my environment. Same setup: System-level profile configured via Casper, with 802.1x authentication at the loginwindow enabled. Users are able to log in using directory based accounts, but the connection then drops and the profile seems to disappear completely! It is no longer visible in the profiles preference pane, and the network will not function again until the user selects the SSID manually and reauthenticates.
    Did you ever find a resolution for this issue? Please help!
    -Andy

  • Script to Create User and Add profiles

    Instead of using the ODI 10g GUI Console to create users and add them to a profile, Can this task be achieved by scripting ? Either by wlst or JMX or Java Packages ? Please advise and guide me.
    -Thanks,

    Is there any other way for adding Bulk users and assigning them to a profile? Any thoughts Please
    Versions: 10.1.3.5 and 10.1.3.6

  • RDP + Wireless disconnect - 802.1x wireless profile

    We have an enterprise access point that uses 802.1x domain user authentication so when the user logs into their domain laptop it automatically authenticates and connects using their AD credentials. It's worked great for years.
    However we recently noticed (and apparently its done this forever my coworkers tell me) if you Remote Desktop into a any laptop that is on this 802.1x access point the wireless connection disconnects. It does this even if you are using the same username/pw
    to connect with Remote Desktop. If you log back in on that laptop the wireless instantly reconnects.
    We have a GPO that pushes to these laptops and sets this access point/SSID as the default. I can't see anything obvious that would disconnect this wireless profile if RDP tries to connect...
    Anyone else seen this? This is across all windows domain wireless systems, all hardware types.

    Hi,
    Please follow the steps bellow:
    1. Check if you have any third-party network card tool , if so, please choose to let Windows manage your network connections, then check if issue would be solved.
    2. If the solutions mentioned above don’t work, please delete your wireless profile and create it again.
    Please refer to the following thread about deleting wireless profile.
    http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/windows-7-wireless-networking-keeps-returning/621d4c06-8185-4e10-9ecf-50d02aa4d141
    Any update, please feel free to ask.
    Best regards

  • How to add profiles to critical roles & profiles table in GRC RAR

    Hello,
    As per Note# 1034117, it says Add "SAP_ALL" type security roles and the SAP profiles, see list below for profiles, to the Critical Roles and Critical Profiles table.
    SAP_ALL All Authorizations For The SAP System
    SAP_NEW All Authorizations For Newly Created Objects
    S_A.ADMIN Basis Operator
    How do we add the profiles, to the Critical Roles and Critical Profiles table in RAR.
    Thanks,

    Hi,
    I configured the critical roles & profiles in rule architect.
    But when I schedule the background job for batch risk analysis, it is taking all the users, roles & profiles.
    Is there a way to exclude users, roles & profiles? (I have already configured the excluded users, roles and profiles in exclude option), but still when I schedule the background job and say show parameter, it shows the User Range as '*'. It is not showing the excluded users.
    Can you please update how to exclude the list of users, from the batch risk analysis?
    Thanks,

  • WLAN 802.1X Add a new AD

    Hi, I have configured a WLAN whith 802.1X authentication, and this works fine. The user download the certificated from the CA of the domain called Company A, and through the ACS server the username and password is validated whit the Active Directory of the company A, the ACS is member server of the windows domain of Campany A. Now, and I would like integrate other Active Directory, the campany B, and to authenticate the wireless clients of the company B whit the 802.1X. How I can achieve this?. Actually, the ACS belongs is member server of the domain Campany A, I can configure the ACS to become a member of campany B?

    Thanks Nicolas,
    I have set the relationship between the two domain controller servers. And I am able to share a file between the two domains, and works fine. Then in the ACS server, I visualize the second window domain, then I add this second domain, in the list of external windows database in the ACS. Then a computer from the windows domain B, I download the certificate from the certification authority of the first domain, and I try to connect whit the computer to the wireless network, and the authentication is failed in the ACS. What's wrong?

  • Add profile from iBook (Panther) to G5 PM (Leopard)

    I have an iBook with Panther, can I add a profile from that Mac to my G5 PowerMac running Leopard, without messing up this existing profiles on the G5?
    I have the whole iBook HDD cloned using CCC onto a FW drive.

    you can try using Migration Assistant (it's in Applications/Utilities) and import one user account only. this will not affect your existing accounts. however, I'm not sure how well MA works when moving from Panther to leopard directly.

  • Will not allow me to add profile

    Tring to add my companies user profile and it give me an error sayin root sign cert could not be installed.

    Hello Fairclough
    Welcome to the BlackBerry Support Community Forums.
    To better help I would like to confirm what it is you are trying to do. 
    Are you syncing your BlackBerry Curve 9300 smartphone contacts with Outlook using BlackBerry Desktop Software?
    At what point are you being prompted for a "profile"?
    When did the issue develop?
    I look forward to your reply
    Goose947
    Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
    Be sure to click Like! for those who have helped you.
    Click Accept as Solution for posts that have solved your issue(s)!

  • How to add profiles for older camera and older lenses, Fuji S3 Pro, Nikon D90, Nikon 28-85

    How can I obtain and install profile for a Fuji S3 Pro and Nikon D200
    How can I obtain and install profile for a Nikon 28-85 AF
    A bit of a newbie , just retired

    About Lens Profiles:
    They are different for Raw and JPEG. Sometimes a profile is only available for Raw, sometimes for JPEG, sometimes for both, sometimes for neither. If it is available, it can be found by searching in the Profile tab of the Lens Corrections panel. If it doesn't show available when searching here, you can go to the Adobe Lens Profile Downloader and see if another user, like yourself, has created one. If not, you can download the Adobe Lens Profile Creator tool and make one yourself.  See the link below.
    Photoshop Help | Digital Negative (DNG)

  • 802.1X WiFi profiles

    Hi,
    I recently upgraded my Late 2011 Macbook Pro 17" to the 10.7.3 and since my WiFi profiles have disappeared. The reason I set up profiles is because I have to go via a proxy at work, and at home my router connects straight to the internet.
    I have imported the profiles again and Lion seems to use everything except the proxy settings. The profiles were created using iPhone Configuration Utility 3.5 and they work perfectly on my iPhone.
    I have reset the PRAM and SMC and also reinstalled the combo update for 10.7.3.
    Does anyone know how to solve this issue, or how to make the make switch between using the proxy and not, without me having to do anything?
    Thanks

    Any feature requests you have should go here: www.palm.com/feedback. Thank you for taking the time and wanting us to improve.

Maybe you are looking for

  • Integrating texts from two devices

    I have a number of texts on my old 8220 that I want to keep; I recently got a new 8220 but startd using it before I had transferred the data from the old one so have a new set of texts to keep. I made a back-up before transferring the data, but it do

  • Itunes Showing IPod Photo as having 70g instead of 20g

    All, Since the upgrade to iTunes 6.0.5, and updating my iPod Photo (20g) to 1.2.1, iTunes is having a "space issue". The iPod connects fine, and iTunes sees it, and sees it's contents, but the space available adds up to 70g. So when transferring song

  • [SOLVED] - compare two pdfs

    Hi, I need some advice. I've two versions of a book in pdf form, each some 570 pages long. I need to be able compare the versions and highlight the differences. I haven't found an app with a gui and am not sure whether diff is really what I am after.

  • Eventhough data present in the D Drive (Database files), E Drive (.Pag) files, we can see data is coming as zero in Excel retrival.

    Eventhough data present in the D Drive (Database files), E Drive (.Pag) files, we can see data is coming as zero in Excel retrival. Can anyone help me to figureout this issue. Thanks, SRI

  • Can't take pictures after 2.0 update

    I did the 2.0 update and have noticed a few minor quirks, but the key thing irking me right now is the inability to take pictures. Scratch that, I can "take" a picture, it simply won't save the pic in my phone (going to the camera roll directly from