Archived - Mac OS X 10.4: Joining an 802.1X network at Mac OS X login
You can connect to an Ethernet, AirPort, or other wireless network that is secured with 802.1X when you log in when user accounts are authenticated against a network server. Before Mac OS X 10.4.6, you had to first log in to the computer before you could connect to the 802.1X-secured network. This article applies to Mac OS X 10.4.6 through 10.4.11.
An administrator can use Internet Connect to set up automatic 802.1X authentication at login. To implement automatic 802.1X authentication at login, the system administrator must configure the computer with a valid 802.1X configuration for Mac OS X to use. Once configured, when a network user enters their user name and password at the Mac OS X login window, the system attempts to connect to the 802.1X network with the same user name and password. This connection is necessary to authenticate the user to a network server.
Note: Network connectivity may require additional hardware and/or an ISP.
Configure Accounts preferences
- Automatic login must be disabled if you want to use 802.1X login authentication—deselect the Accounts preferences "Automatically log in as:" option.
- Also in Accounts preferences, make sure the "Display login window as:" choice is "Name and password".
Configure Network preferences
- Open Network preferences.
- Delete all AirPort "Preferred networks" by selecting them and clicking the Delete (-) button.
- Click Options...
- From the "If no preferred networks are found:" pop-up menu, choose "Keep looking for recent networks".
- Deselect "Automatically add new networks to the preferred networks list".
- Click OK.
Set up login authentication configurations in Internet Connect
An administrator (any user account with administrator level privileges on the computer) uses Internet Connect to create an valid 802.1X profile.
- Open Internet Connect (/Applications/Internet Connect).
- From the File menu, choose New 802.1X Connection....
- In the Configuration pop up, select Edit Configurations.
- Type a name for the configuration, select whether you'll be connecting to an Ethernet or AirPort 802.1X network, and choose which Authentication methods you want to use. Leave the user name and password fields blank.
- Click OK. You should now have an 802.1X configuration ready to use.
- Click Connect to attempt to join the 802.1X network as a test. You may be presented with a dialog asking you to verify a certificate, depending on the 802.1X authentication server. If you are confident in the validity, verify the certificate information and click Continue.
- When prompted for your 802.1X network credentials, enter a valid user name and password, then click OK.
- If your credentials are validated you will be connected to the network. Internet Connect will show the authentication method used and connection time.
- Now that this configuration has been verified, export the configuration so it can be used at the Mac OS X Login Window: From the File menu, choose Export 802.1X Configuration to Login Window.
- Log out and test logging in at the login window.
Note: The user's login credentials on the network user authentication server should match the user's 802.1X network credentials.
Removing configuration information from the Login window
If you want to remove configuration information from Login Window, log in as an administrator. In Terminal type or paste the following on one line:
defaults delete /Library/Preferences/com.apple.loginwindow NetworkAuthConfigList
Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.