Wifi authentication and FileVault 2 Encrypted Machines

mvught
Contributor

We have a problem with our current Wifi authentication and FileVault 2 Encrypted Machines: Our laptop users log in with a domain account and password and our wifi is applied via a configuration profile and authenticated with certificates and the domain credentials at login. On non-encrypted machines this works fine.

On encrypted machines our authentication to the wifi fails since it seems that the EFI must be unlocked first before you can authenticate. If we log in from the FileVault2 login, log out of the account to the standard login window and then log in again the authentication works fine.

Has anybody else experienced this or have any ideas on why this may be happening?

2 ACCEPTED SOLUTIONS

CGundersen
Contributor III

Not sure if this will get you closer?:

http://support.apple.com/en-us/HT202842

sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES


mvught
Contributor

I had a chat with @rtrouton and it works like a charm!! Thanks a lot rtrouton

I followed the instructions at the following link to disable automatic login after the boot screen. http://support.apple.com/kb/HT5989

And the following scripts are running after the encryption policy
https://github.com/golbiga/Scripts/tree/master/DisableFDEAutoLogin


4 REPLIES

WUSLS
New Contributor

I have a similar configuration as well. Any input on the above would be great! We won't have any unmanaged machines in my environment, however we just resolved this in our Windows systems. Anyway, any thoughts would be greatly appreciated.

perrycj
Contributor III

This is more of a guess and kind of what I did when I had FV2 and Enterprise WiFi at a past job. Can you hardcode the network SSID and its certificate that you want them to connect to into the user template? Therefore the network is there automatically and once they log in they would just authenticate to connect because their user account is enabled to unlock the disk for FV2. This worked for me in the past on 10.8 and 10.9.

You could probably hardcode it into the user template folder, and/or into your image.
