Wi-Fi Enterprise and 802.1X encryption in Mac OS X

In this tutorial, I will show you how to configure and connect WPA / WPA2-Enterprise networks in Leopard and 10.6 Snow Leopard.

Connecting to an 802.1X network

Let's first learn how to connect to an 802.1X network without creating a profile.

If the EAP type is enabled by the RADIUS server as TLS, then you must install the client security certificate for Mac OS X. However, PEAP and TTLS protocols do not require this client certificate.

Now to connect, select the wireless network from the AirPort menu on the top of the desktop as you see it on any network.

If PEAP or TTLS is active, you will be prompted to log in, as shown in Figure 1 below. Enter user name and password. If you want to save your login credentials so that you don't need to enter them again the next time you log in, select Remember this network . Then click OK to continue.

If the RADIUS server certificate is not issued by the Certification Authority (CA) trusted by Apple, then you will be prompted to verify the server's digital certificate, as shown in Figure 2. Ensure that The certificate is issued to the correct domain and is issued by the correct CA. So you don't have to do this every time, just check the trust option. If everything is valid, click Continue to trust it and connect.

Create network locations

Mac OS X includes a network location feature, where you can apply network settings based on location. This is especially useful for laptops and if you will create a Window or System login profile for your 802.1X settings.

You can learn more about these profile types in the next section before doing so. If you will set up a simple User profile, you may not need to create network locations.

If you need it, here's how to create a network location:

You need to manually change the network location when you switch to another location.

Create 802.1X profile

Connecting to an 802.1X network is similar to what we have done, being able to save login credentials (if you choose to network), creating 802.1X profiles can still provide additional functionality. . Profiles can be streamline or enhance the login procedure, depending on the profile you create.

Let's take a look at some types of profiles:

Remember, if you use TLS-style EAP, then you must install a client security certificate for Mac OS X.

If you create a Login Window profile or System profile, you need to verify that you are connected to the Open Directory or Active Directory server. In 10.5, use Directory Utility: click Go> Utilities and open Directory Utility. In 10.6, click System Preferences > Accounts > Login Options .

To start creating a profile, call the 802.1X settings window: click AirPort icon > Open Network Preferences . On the Network window, click the Advanced button, select the 802.1X tab .

In 10.5, select the desired profile type with the Domain drop down menu.

In 10.6, click the Add button (plus sign) to select the desired profile type, enter a name for the configuration and press Enter .

---

If you have selected a User profile (see Figure 3):

If you select Login Window profile (see Figure 4):

If you want to disable this profile, go back to the 802.1X settings and click the Disable 802.1X Login button .

If you create the System profile (see Figure 5):

By default, you will be prompted to login when connecting to the network, which will automatically save the login credentials. To save them first, you can open the preferred AirPort network entry, enter the login credentials, click Remember this network , and Add .

If you want to disable this profile, go back to the 802.1X settings page and click the Disable 802.1X button .

Some tips during the process: