Support Center

EAP-TTLS/PAP configuration on Mac & iOS Devices for JumpCloud RADIUS clients

Additional configuration is necessary if opting to use EAP-TTLS/PAP authentication for wireless clients. JumpCloud recommends when possible to utilize PEAP for authentication, as no additional configuration is necessary with rare exceptions.  Please refer to Configuring your WiFi Clients to use JumpCloud RADIUS for additional information.
 




Prerequisites:


For Apple products, administrators can purchase a $20 upgrade to Mac Server to generate profiles, or can leverage for free Apple Configurator 2. The instructions below walk step by step through this process utilizing Apple Configurator 2.



Creating the Profile with Apple Configurator

 
  1. Download the RADIUS server certificate to your local system
  2. Open Apple Configurator 2 from your Applications Folder
  3. Click on Apple File Menu at the top of your screen and choose New Profile. Alternatively press ⌘N


     

  4. Select Certificates from the left navigation and choose Configure



     
  5. Browse to the folder you chose to download from Step 1, select the file and hit Open
  6. Select Wi-Fi from the left navigation and choose Configure




     
  7. Once in this screen, you should apply these settings as seen below:

     
  8. On the Wi-Fi page, Hit Trust under Enterprise Settings


     
  9. Check the radius.jumpcloud.com certificate box which was added in Step 6 & 7
  10. Hit Save
  11. Due to the fact you left the username blank, it will trigger this screen upon saving


     
  12. Hit Save Anyway
  13. Click General from the left navigation
  14. Enter in a Name for the Profile and select the remaining profile settings you choose then hit Save

     
  15. To distribute, click the Apple File menu at the top of your screen and click Sign Profile...

Saving the Profile on Mac


  1. Search for and open the Profiles utility on the Mac where the Profile is to be saved
  2. Select the Add Profile symbol

     
  1. Select the Profile you saved while creating the WiFi profile per the steps above
  2. You will initially be prompted to confirm you want to install the profile. Click Continue 
  3. You may be prompted to ensure you want to continue to install the profile. Click Continue
  4. When installing, you will be prompted for a user name which can be left blank. Click Install 
  5. When prompted, sign in to the Mac with administrator privileges. 
  6. The Profile will then be successfully installed
  7. Note that it is recommended to remove other profiles to ensure there are no conflicts. 

     

Logging into the RADIUS-Integrated WAP

 
  1. Select your Wireless SSID you input in your Apple Configurator Profile 

  2. You will be prompted to see the certificate for the JumpCloud RADIUS server 

  3. You will then be prompted to authenticate against the RADIUS 
 

Removing Wireless Network Profile


If you choose to utilize PEAP for authentication instead of EAP-TTLS/PAP, or are possibly looking to remove the service, you will be required to delete the existing wireless connection.  After the connection has been successfully removed you may again connect to your WAP or Router device using non-EAP-TTLS methods.  No additional configuration is required for PEAP with JumpCloud RADIUS, so with the old profile removed the user may connect to networking device normally.
  1. Click on the Apple menu and choose System Preferences...
  2. Select Profiles
  3. Click on the wireless network that applies to your RADIUS EAP-TTLS configuration in the left pane
  4. Once selected, click the - (minus) displayed at the bottom-left of the window to delete
 

Last Updated: Oct 20, 2017 04:49PM MDT

Related Articles
desk-forwarding@jumpcloud.com
http://assets0.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete