I certainly do have concerns about this being the right way to 'fix' the issue. Sticking plaster on the client behaviour this is..
Thanks -- ian Sent from my phone, please excuse brevity and misspelling. ________________________________ From: Dan Brisson<mailto:dbris...@uvm.edu> Sent: 23/01/2014 14:41 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] OS X 802.1x auth issue +1 to that. -dan On 1/23/2014 9:28 AM, Wright, Don wrote: Anyone have concerns about making the trust setting changes to the certificate chain? I'm thinking of the intermediate certs mostly. Setting "always trust" on a client machine just makes me a little uncomfortable. - Don On Tue, Jan 21, 2014 at 12:13 PM, Ian McDonald <i...@st-andrews.ac.uk<mailto:i...@st-andrews.ac.uk>> wrote: I'd be more interested in a method for doing this in a .mobileconfig file, or for them to fix it in a manner that doesn't involve us having to mess about on the clients. -- ian -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Michael Dickson Sent: 21 January 2014 17:06 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] OS X 802.1x auth issue Is anyone working on (or successfully implemented) a scalable, automated(?) solution to change the SSL to 'Always Trust' for target certs and distributed this to their client devices en masse? x-press-con-nect folks offered a glimmer of hope for adding this feature to their routine but I was wondering if we could do something quicker. Has anyone tweaked Apple's command - suggested in their KB article - into an Applescript for distribution? As the cert is already installed on the devices I would thing some modification is needed. http://support.apple.com/kb/TS5258 Michael Dickson Network Analyst Office of Information Technologies University of Massachusetts Amherst Voice 413.545.9639<tel:413.545.9639> On Jan 21, 2014, at 7:41 AM, Tim Cappalli <cappa...@brandeis.edu<mailto:cappa...@brandeis.edu>> wrote: > Absolutely! This is huge. They never, ever (ever ever ever) admit there is an > issue. Maybe we're seeing some change at the fruit? > > > (Unlikely, but it's nice to dream) > > > Tim Cappalli | ACCP / ACMP / CCNA > Network Engineer | Brandeis University > cappa...@brandeis.edu<mailto:cappa...@brandeis.edu> | (617) > 701-7149 > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv > [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] > On Behalf Of Joel Coehoorn > Sent: Friday, January 17, 2014 7:58 PM > To: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > Subject: Re: [WIRELESS-LAN] OS X 802.1x auth issue > > Even acknowledging the issue is a huge help for me: Mac people have a hard > time believing Apple could possibly have done anything wrong with their > device until you have something like this to point to. Until Apple own > recommendation is to change the setting on the device, their view is the > problem *must* be in the network. > > Sent from my iPad > > On Jan 17, 2014, at 5:14 PM, Marcelo Lew > <marcelo....@du.edu<mailto:marcelo....@du.edu>> wrote: > > Looks like Apple finally sort of "admitted" of an issue with 802.1x > authentication, several months later and most of us already knew this > work around, but better late than never J > > http://support.apple.com/kb/TS5258 > > > <image001.png> > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found > athttp://www.educause.edu/groups/<http://www.educause.edu/groups/>. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.