802.1x and Macintosh OS X in a wired environment

By Jeff in Alberta
As we move forward and upgrade our network hardware, security has been a major priority. We are getting rid of old managed switches and installing a line of 802.1x enabled switches allowing computer as well as end user authentication to happen really a Windows environment.

The kicker here is that about 40% of our computers are Macintosh running various flavours of OS X (10.3 through 10.5) (we are a public school board).

I would really like these units to use the 802.1x through Windows IAS (integrated with Active Directory) and certificates and work as well as our Windows machines.

We have tested using the built-in AD config within OSX as well as other aftermarket products which integrate the Mac with AD (Admit Mac and MacAdmin). So far nothing has worked well. We can get the end user to enter Internet Connect within the Mac and enter their credentials a second time once they are logged into a local account, but double login is not an option around here. We have tried unsuccessfully to force the 802.1x credentials out to the login window as written in the Mac help text, but this has not worked as we wish either.

Has anyone been successful in integrating the Mac running OSX into an 802.1x wired network?

Thanks for your assistance on this.


All Answers


802.1x and Macintosh OS X in a wired environment

by ruffhousen In reply to 802.1x and Macintosh OS X ...

We too have enabled a secure LAN technology for both our wired and wireless networks utilizing layer managed switches as well. This configuration includes Active Directory, RADIUS (IAS), and our management software for the switches.

This type of configuration allows us various levels of network services; for instance, we have defined about 10 VLANs, one of which prevents users from accessing the production network if the PC does not meet the minimum level of security and virus patch updates.

For systems that can't be joined to Active Directory we create a computer account based on the hardware address of the device, such as printers, WAP, UPS, and OS X clients.

When Apple released OS X 10.4.6 we were able to configure both AD integration and 802.1x login authentication. The 802.1x authentication configuration was configured using information from this link. However, with the release of OS X 10.5 the Internet Connection utility is no longer included, and the new method does not appear to be working prior to a user login to the system.

While we can get 802.1x to work on OS X 10.5, it's only after a user logs on with a local user account, and then proceeds to the networking preferences to establish a connection. This makes the AD configuration useless and we too need another solution.
