Previous to OS X 10.11, admins might deploy wi-fi community configurations to Macs with 802.1x compliance, but nonetheless enable finish customers to switch the Wi-Fi networks they might connect with instantly from the login display on-the-fly. This allowed cellular gadgets to stay related to enterprise community assets whereas nonetheless allowing the gadgets for use by a number of customers with out ever disconnecting them. This was particularly useful for lab environments, the place a set of gadgets could also be accessed by a whole lot of customers weekly, every with their very own distinctive area accounts.
Since El Capitan, nevertheless, Apple saved the credentials of manually created 802.1x-based connections as a per-user setting, that means the wi-fi community can be accessible solely by the person account that made the preliminary connection—all different periods can be successfully disconnected till that person account created its personal distinctive connection.
This shift left many admins and finish customers scratching their heads because the community seemingly labored intermittently for some customers however not others. Including to the frustration, since these credentials had been moved to the person’s particular person keychain, altering networks from the login window (one thing that customers had been able to doing) was disabled as nicely, forcing IT to rethink their wi-fi community deployments.
SEE: Admin highlight: Saving time with PowerShell (Tech Professional Analysis)
Although this function was faraway from manually created wi-fi community profiles by default, it’s alive and nicely, and will be configured by IT with some minor tweaks to deliver again this performance. Earlier than attending to the steps nevertheless, there are a number of necessities to get this to work correctly:
- Apple laptop working OS X 10.11 (or newer)
- OS X Server with Profile Supervisor configured
- Administrative privileges
- Methodology to deploy .mobileconfig recordsdata (Community, USB, guide set up)
- Wi-fi community configuration particulars
Making a system-based wi-fi profile
Go to the Profile Supervisor (PM) URL and login with admin credentials. As soon as authenticated, create a brand new machine profile or choose an present one to switch. Click on the Edit button to entry the payloads. By default, the Basic payload have to be included, so enter the group identify and safety particulars for the setting (Determine A).
Subsequent, Choose the Community payload and click on the Configure button to start including our wi-fi community settings (Determine B).
Enter the important thing particulars of the wi-fi community, such because the SSID, Safety Kind, and the EAP Sorts that will probably be used with 802.1x authentication (Determine C).
Relying in your group’s setup, the community configuration data can differ. Nonetheless, two settings that can enable the profile to be utilized on the system-level and permit finish customers to vary wi-fi networks as crucial are the checkbox subsequent to Use as a Login Window configuration and Use Per-Connection Password.
Respectively, these settings enable the wi-fi community to be modified from the login window and can enable finish person’s to make use of their area accounts as a method of authenticating earlier than wi-fi entry is granted (Determine D).
As soon as the payload has been configured and the settings are verified to be appropriate, click on the OK button to shut the payload editor. However keep in mind the settings usually are not saved but. To take action, click on the Save button. This can set off Profile Supervisor to deploy the modifications to all gadgets to which the profile is connected to.
If you want you manually deploy these settings, click on the Obtain button as an alternative to obtain the payload as a .mobileconfig file. Merely execute this file on every machine you want to configure, and the settings will probably be imported to these gadgets (Determine E).
Notice: Bear in mind when deploying over the community that the server have to be trusted for the settings to be relevant to every machine. Previous to pushing the settings payload, click on on the drop-down menu to the top-right of PM, and choose Obtain Belief Profile to obtain its .mobileconfig profile that have to be put in earlier than every other payloads are utilized.