OSX clients

EAP-TTLS (name + password auth)

OSX machines require a provisioning file be installed on the device. A Foxpass administrator can create this file by visiting this page and creating one for the Foxpass-enabled SSIDs in your organization.

Click the 'Download Config' button:

WiFi Networks config pageWiFi Networks config page

WiFi Networks config page

All users can download the file from the 'My Settings' page.

Then click on the .mobileconfig file to install it.

Adding the configAdding the config

Adding the config

You can optionally save your Foxpass username and password to your system's keychain. This will prevent you from having to re-enter it every time you connect to the network.

Optional Wi-Fi configOptional Wi-Fi config

Optional Wi-Fi config

OSX will then prompt you to enter your system password in order to save the changes. Just connect to the Wi-Fi network and you're good to go!

A note on password changes

OSX devices can struggle with RADIUS when you change your password. Currently, these devices assume your password is still correct and silently retry the authentication, blaming network errors when authentication continues to fail. This can be particularly troublesome when you have a lockout policy for authentication attempts. You can avoid this behavior by forgetting and re-adding the network or removing and re-adding the profile after changing your password. This behavior can change with OS updates, so we can't guarantee you'll have the same experience across all your devices.

EAP-TLS (certificate-only) with JAMF

To enable debug logs on Mac OSX

  • Hold Option and click the Wi-Fi menu
  • Choose 'Enable WiFi Logging'
  • Attempt to connect
  • Open a shell and enter either:
log show --predicate 'subsystem contains "com.apple.eapol"' --info --debug --last 5m

or to see a live tail of the logs:

log stream --predicate 'subsystem contains "com.apple.eapol"' --info --debug