{"id":3820,"date":"2017-03-11T16:27:25","date_gmt":"2017-03-11T14:27:25","guid":{"rendered":"http:\/\/bygden.nu\/jonas\/?p=3820"},"modified":"2017-04-13T21:27:59","modified_gmt":"2017-04-13T19:27:59","slug":"automatic-authentication-of-802-1x-for-wired-macs","status":"publish","type":"post","link":"https:\/\/bygden.nu\/jonas\/index.php\/2017\/03\/11\/automatic-authentication-of-802-1x-for-wired-macs\/","title":{"rendered":"Automatic authentication of 802.1x for wired Macs"},"content":{"rendered":"<p>When I became responsible for the Macs we were using a <em>manually<\/em> created, <em>individual<\/em> cert (in the AD) for each Mac connecting to our internal network.<\/p>\n<p>Via <a href=\"https:\/\/macmule.com\/2015\/09\/06\/osx-ad-certificate-requests-some-tips\/\">this post<\/a> by <a href=\"https:\/\/macmule.com\">Ben Toms<\/a> and some guidance by James Turner I managed to automate the creation of (still) individual certs.<\/p>\n<p>We have primarily Windows desktops and laptops in our company, and for them it &#8220;just works&#8221; when bound to our AD, why couldn&#8217;t I get that with the Macs as well?<\/p>\n<p>So, together with one of our Windows techs I created a Config Profile containing our CA-root Cert and config to use EAP-TLS to get authenticated, it does however require an AD-computer object, which I create by binding to the AD beforehand, then it&#8217;s just a question of adding the computer object to the correct SG in the AD to get an IP-address on the correct subnet (depending on what department you work at).<\/p>\n<p>I&#8217;ve had a lot of help from <a href=\"https:\/\/gitlab.com\/Mactroll\">Joel Rennich<\/a> in trying to understand this, but I&#8217;m not comfortable enough with my understanding about how this actually works to be able to present it to a technical crowd yet.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When I became responsible for the Macs we were using a manually created, individual cert (in the AD) for each 
Mac connecting to our internal network. Via this post by Ben Toms and some guidance by James Turner I managed to automate the creation of (still) individual certs. We have primarily Windows desktops and laptops &#8230; <a title=\"Automatic authentication of 802.1x for wired Macs\" class=\"read-more\" href=\"https:\/\/bygden.nu\/jonas\/index.php\/2017\/03\/11\/automatic-authentication-of-802-1x-for-wired-macs\/\" aria-label=\"Read more about Automatic authentication of 802.1x for wired Macs\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[],"class_list":["post-3820","post","type-post","status-publish","format-standard","hentry","category-dagbok"],"_links":{"self":[{"href":"https:\/\/bygden.nu\/jonas\/index.php\/wp-json\/wp\/v2\/posts\/3820","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bygden.nu\/jonas\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bygden.nu\/jonas\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bygden.nu\/jonas\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/bygden.nu\/jonas\/index.php\/wp-json\/wp\/v2\/comments?post=3820"}],"version-history":[{"count":7,"href":"https:\/\/bygden.nu\/jonas\/index.php\/wp-json\/wp\/v2\/posts\/3820\/revisions"}],"predecessor-version":[{"id":3835,"href":"https:\/\/bygden.nu\/jonas\/index.php\/wp-json\/wp\/v2\/posts\/3820\/revisions\/3835"}],"wp:attachment":[{"href":"https:\/\/bygden.nu\/jonas\/index.php\/wp-json\/wp\/v2\/media?parent=3820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bygden.nu\/jonas\/index.php\/wp-json\/wp\/v2\/categories?post=3820"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bygden.nu\/jonas\/index.php\/wp-json\/wp\/v2\/tags?post=3820"}],"curies":[{"name":"wp","href":"htt
ps:\/\/api.w.org\/{rel}","templated":true}]}}