802.1x + Login Window profile auth doesn't stay connected to Wi-Fi in user session
| Originator: | arubdesu | ||
| Number: | rdar://19915394 | Date Originated: | 21-Feb-2015 10:38 PM |
| Status: | Open | Resolved: | |
| Product: | OS X | Product Version: | Mac OS X 10.10.3 (14D72i) |
| Classification: | Other Bug | Reproducible: | Sometimes |
Summary: 802.1x + Login Window profile auth doesn't stay connected to Wi-Fi in user session. We use (PEAP) 802.1x to auth to Wi-Fi, and auth’ing to Wi-Fi once at the login window isn’t enough - worse, we either aren’t immediately prompted for auth or it fails to connect altogether. Steps to Reproduce: 1. Deploy login window profile to computer (setting hidden SSID and fact it’s WPA2 auth from Active Directory, PEAP-flavored) 2. as standard user, log in to computer as AD user Expected Results: Computer is still connected to network when arriving at desktop, keychain entry is added as necessary without prompting user, SSO-style Actual Results: Auth is separately prompted, but intermittently fails to prompt and network must be removed before auth succeeds Regression: 10.0-10.2 Notes: Affected install count: 423 Macs at Montefiore Medical Center, NY, more at affiliated Albert Einstein School of Medicine Recently, a users password change caused connection failures because prompting for auth never appeared(10.10.2). Will update when resolved, looking at combination of security command to delete item from system keychain or other possible auth cache. Users running without admin complicates matters as well, since standard users cannot delete items from system keychain.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!