
User based automated wifi setup and authentication to Active Directory Radius / IAS servers for Mac OSX 10.8 in a one click application

IP.com Disclosure Number: IPCOM000228092D
Publication Date: 2013-Jun-05
Document File: 4 page(s) / 557K

Publishing Venue

The IP.com Prior Art Database

Related People

Alfred Aleman: AUTHOR [+3]

Abstract

Create an application that performs the configuration automatically and connects to Active Directory to authenticate the user and download the certificates without using email. When opened, the application requires a confirmation of your password, which authenticates to AD, downloads the personal certificate and private keys, and applies these items to the keychain of the user who is logged into the system. No user configuration of the system is needed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Problem: Active Directory user-based certificate authentication for secure wireless requires signed certificates to connect to the internal wireless system. Windows machines download and apply certificates automatically at login. Macintosh machines don't authenticate to AD the same way, so certificates had to be requested through a web portal, which emailed the certificates; the user then had to import them manually and configure the wireless connections to make the secured connection with the wireless system.

Solution: Create an application that performs the configuration automatically and connects to Active Directory to authenticate the user and download the certificates without using email. When opened, the application requires a confirmation of your password, which authenticates to AD, downloads the personal certificate and private keys, and applies these items to the keychain of the user who is logged into the system. No user configuration of the system is needed.


A. Create the .mobileconfig file with an AD payload:

We used Apple's OSX Server to create the .mobileconfig template that will prompt for authentication. This is delivered using a webpage and a request from the end point. Open the Profile Manager configuration page and edit the configuration for Everyone.

Configured the General Payload with:

Organization field with Company name

Description field blank

Consent field blank

Security field with Always Option

Automatically Remove File field with Never option

Configured the Network Payload with:

Network Interface field with the Wi-Fi option

SSID field with your company's SSID (could be the name of anyone's network SSID)

Hidden Network option checked

Auto Join option checked

Proxy Setup field option set to None

Security Type field option set to WPA / WPA2 Enterprise

Network Security Settings - Protocols options set to:

Accepted EAP Types checked

Identity Certificates set to AD Certificate: Certificate for client and machine or device authentication.

Trust Settings left blank on all options

Configured the AD Certificate Payload with:

Description field with Certificate for client and machine or device authentication.

Certificate Server field with the name of your Radius / IAS server

Certificate Authority field with the friendly name of the Radius / IAS server

Certificate Template field with the AD template name used for authentication

Prompt for credentials option checked
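The settings from step A can also be expressed directly as profile payloads. The following is an added example, not Profile Manager's output or code from the disclosure: it builds the Wi-Fi and AD Certificate payloads with Apple's documented payload keys and then audits how the Wi-Fi identity and server trust are wired. The organization, SSID, server, CA and template values are constructed placeholders, and the EAP-TLS type and `EncryptionType` value are assumptions because the page does not state them.

```python
import plistlib
import uuid

AD_CERT, WIFI = "com.apple.ADCertificate.managed", "com.apple.wifi.managed"

def _base(ptype, name):
    uid = str(uuid.uuid4()).upper()
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadUUID": uid,
            "PayloadIdentifier": "com.example.wifi." + uid,  # placeholder prefix
            "PayloadDisplayName": name}

def build_profile(org, ssid, cert_server, ca_name, template):
    """Build the Wi-Fi and AD Certificate payloads configured in step A."""
    cert = _base(AD_CERT, "AD Certificate")
    cert.update({
        "Description": "Certificate for client and machine or device authentication.",
        "CertServer": cert_server, "CertificateAuthority": ca_name,
        "CertTemplate": template, "PromptForCredentials": True})
    wifi = _base(WIFI, "Wi-Fi")
    wifi.update({
        "SSID_STR": ssid, "HIDDEN_NETWORK": True, "AutoJoin": True,
        "ProxyType": "None",
        "EncryptionType": "WPA",  # assumed value for "WPA / WPA2 Enterprise"
        # Assumption: EAP-TLS (type 13); the page does not list the types checked.
        "EAPClientConfiguration": {"AcceptEAPTypes": [13]},
        "PayloadCertificateUUID": cert["PayloadUUID"]})  # identity = AD cert payload
    profile = _base("Configuration", "Wi-Fi with AD certificate")
    profile.update({"PayloadOrganization": org, "PayloadContent": [cert, wifi]})
    return profile

def audit(profile):
    """Return findings for Wi-Fi payloads whose identity or trust is incomplete."""
    items = profile["PayloadContent"]
    certs = {p["PayloadUUID"]: p for p in items if p["PayloadType"] == AD_CERT}
    findings = []
    for p in (i for i in items if i["PayloadType"] == WIFI):
        ref = certs.get(p.get("PayloadCertificateUUID"))
        if ref is None:
            findings.append("wifi identity does not reference an AD certificate payload")
        elif not ref.get("PromptForCredentials"):
            findings.append("AD certificate payload will not prompt for credentials")
        eap = p.get("EAPClientConfiguration", {})
        if not (eap.get("PayloadCertificateAnchorUUID") or eap.get("TLSTrustedServerNames")):
            findings.append("no RADIUS server trust configured")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    prof = build_profile("Example Corp", "EXAMPLE-SSID", "radius.example.com", "Example CA", "User")
    print(plistlib.dumps(prof).decode(), audit(prof))
```

With Trust Settings left blank as in step A, the audit reports the missing RADIUS server trust; adding a trusted anchor certificate or server name list to the EAP configuration clears it.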




B. Export and generalize the .mobileconfig file with an AD payload:

Go to the Profile Manager template page by visiting the User Portal on the OSX Server. Click the Profiles button to change view. Click the icon to install the Profile Settings for Everyone. C...