WiFi Single Sign On in Lion & Mountain Lion — Login Window 802.1X

In Snow Leopard and past versions of Mac OS X, a login window WiFi profile could easily be added to a computer in the Network portion of System Preferences. Unfortunately, Apple removed the ability to add these profiles without the use of Lion Server or Mountain Lion Server.
While it is possible to create a WiFi “mobileconfig” profile using the iPhone Configuration Utility, these profiles do not support login window authentication. These files can be manually hacked, but this post does not cover how to do that. In my experience, these hacked profiles do not work as well as the mobileconfig profiles created using the officially-approved Apple way.

Setting up Profile Manager in Server app

On the Lion Server, open Server app and under Services, turn on “Profile Manager.”
Click “Configure” to turn on “Device Management.” If you do not already have an OpenDirectory domain configured, Server app will walk you through the basic setup. Note: You must enable Device Management. If you do not, you will not be able to set the login window options.
Finally, click the link to “Open Profile Manager.” This will open Safari where you can put in your server admin name and password.

Create the mobileconfig profile with Profile Manager

Once Profile Manager is open, click Device Groups under the Library section, click the plus icon to add a new device group, and give the group a name.

Click the Edit button, and then click the General section and enter a description of the profile. I suggest setting it to “Manual Download” unless you know you want to automatically push the configuration to devices.
OPTIONAL: Click the Certificate section and import the certificate used by your WiFi system.
Click the Network section, and fill in the SSID, choose whether this should be a login window profile, and select appropriate protocols. If you imported a certificate, click the Trust tab and select the imported certificate so that users are not prompted to select the certificate.
Click the Save button, and then click Download to download a mobileconfig file which can be imported on your client Macs.
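Before importing the downloaded file on client Macs, you can confirm that the Network settings from the steps above actually ended up in it. The following is an added example, not part of the original post or of Apple's tooling: it reads an unsigned mobileconfig and reports Wi-Fi payloads that are not login window profiles or that have no trusted certificate selected. It assumes the payload key names from Apple's configuration profile format (SetupModes, PayloadCertificateAnchorUUID, TLSAllowTrustExceptions); the sample profile, SSID and UUIDs are constructed, and a signed profile would have to be unwrapped first.

```python
import plistlib

WIFI = "com.apple.wifi.managed"
CERT_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1",
              "com.apple.security.pem"}

def audit_wifi_profile(data):
    """Return findings for each Wi-Fi payload in an unsigned .mobileconfig."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    cert_uuids = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in CERT_TYPES}
    findings = []
    for p in payloads:
        if p.get("PayloadType") != WIFI:
            continue
        ssid = p.get("SSID_STR", "<no SSID>")
        eap = p.get("EAPClientConfiguration", {})
        if "Loginwindow" not in p.get("SetupModes", []):
            findings.append(f"{ssid}: not set up for the login window")
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        if not anchors:
            findings.append(f"{ssid}: no trusted certificate selected")
        for uuid in anchors:
            if uuid not in cert_uuids:
                findings.append(f"{ssid}: trust anchor {uuid} not in profile")
        if eap.get("TLSAllowTrustExceptions") is True:
            findings.append(f"{ssid}: users may accept untrusted certificates")
    return findings

def sample_profile(complete):
    """Build a constructed sample profile; all names and UUIDs are made up."""
    cert = {"PayloadType": "com.apple.security.root",
            "PayloadUUID": "CERT-UUID-EXAMPLE", "PayloadContent": b"placeholder"}
    eap = {"AcceptEAPTypes": [25]}  # 25 = PEAP
    wifi = {"PayloadType": WIFI, "PayloadUUID": "WIFI-UUID-EXAMPLE",
            "SSID_STR": "ExampleCorpWiFi", "EncryptionType": "WPA",
            "EAPClientConfiguration": eap}
    if complete:  # login window mode chosen and certificate picked on Trust tab
        eap["PayloadCertificateAnchorUUID"] = [cert["PayloadUUID"]]
        wifi["SetupModes"] = ["Loginwindow"]
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [cert, wifi]})

if __name__ == "__main__":
    for complete in (True, False):
        print(complete, audit_wifi_profile(sample_profile(complete)))
```

To check a real download, pass the file's bytes to audit_wifi_profile() instead of the constructed sample.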

Import the configured profile on client Macs

Once you are done configuring your profile in Profile Manager, make sure to download the mobileconfig file. Double-click this on a client Mac to add the configured profile to the “Profiles” section of System Preferences.
The Profiles preference pane only appears when at least one mobileconfig profile has been set. You can manage and/or delete profiles from this pane.

Possible Profile Manager error: “Not Found – The requested URL /wiki was not found on this server”

If you receive the above error message after turning on Profile Manager and logging in, try the following steps, as documented in this Apple forum post:

  1. Turn off all services under Server app.
  2. Under Hardware, settings, change SSL certificate to “none.”
  3. Under Hardware, network, reset host name again.
  4. Under Hardware, settings, change SSL certificate back to correct one.
  5. Turn Web service ON.
  6. Turn Wiki service ON.
  7. Recheck Web service. It should be changed to /Library/Server/Web/Data/Sites/Default.

Disabling Device Management and clearing the database

The following command will completely wipe the Profile Manager database and disable Device Management. CAUTION: This will erase all configured Profile Manager settings!

sudo /usr/share/devicemgr/backend/wipeDB.sh
