Monday 5 September 2011

802.1X login with OS X 10.6.6 and Active Directory

After re-imaging all the computer suites, there were a few machines without Ethernet connections. These I had to set up using 802.1X logins on OS X 10.6.6, something I hadn't tested, although in theory there would be nothing different than the setup with OS X 10.5.8. But I've now just noticed that I have not written this process down, so this will be the first connotation of it:

After a few trials and tribulations I discovered the best (quickest and easiest) way to get the machines to log in wirelessly on Active Directory accounts using 802.1X.

  1. Go to Network Settings in System Preferences
  2. Click on Airport, turn it on and connect to the ChesterfieldCollege wireless network.
  3. Authenticate using the login details which will be used in the 802.1X authentication (needs to be the full username, i.e. username@students.chesterfield.ac.uk). I think I also unticked the "Remember Password" box.
  4. Accept the certificates (if you get any) and hopefully you should be connected
  5. Click on Advanced and then go to the 802.1X tab
  6. We are going to add a System Profile, so that whenever the computer is on, it'll always be authenticated on the wireless with a certain username and password.
  7. You need to fill out the FULL username (.......@students.chesterfield.ac.uk) and password, tick TTLS and PEAP (might just apply to this wireless) and select ChesterfieldCollege as the wireless to use. Oh and WPA2 Enterprise.
  8. Before we click OK I've found I also need to add the server certificate we just accepted (no.5) to the certificates. So go to Certificates, click add "Select Certificate from Keychain" and select the one you added.
  9. Click OK, OK and when back on the initial Network Settings screen, click "Disconnect" under 802.1X.
  10. Now restart the machine and see if it works!

In my experience, the wireless login takes a few more minutes to authenticate, so when restarting a machine you might want to give it a minute before trying to log in.

If it doesn't work, log in as your administrator and see if it's connected to the wireless using 802.1X, and if not, delete the System Profile in Advanced and see if you can connect to it normally. Just keep on trying, and perhaps you added the wrong server certificate?



....
After doing this I always found a few machines which would come up with the "Error connecting to 802.1X" blaa blaa blaa. After a bit of trial and error it turns out that if I moved the machines to another part of the room it worked. Thus, the error message only came up when there was a low signal. Simple.
