macOS clients

EAP-TTLS (name + password auth)

macOS machines require a provisioning file be installed on the device. A Foxpass administrator can create this file by visiting this page and creating one for the Foxpass-enabled SSIDs in your organization.

Click the 'Download Config' button:

559

WiFi Networks config page

All users can download the file from the 'My Settings' page.

Then click on the .mobileconfig file to install it.

657

Adding the config

You can optionally save your Foxpass username and password to your system's keychain. This will prevent you from having to re-enter it every time you connect to the network.

655

Optional Wi-Fi config

macOS will then prompt you to enter your system password in order to save the changes. Just connect to the Wi-Fi network and you're good to go!

A note on password changes

macOS devices can struggle with RADIUS when you change your password. Currently, these devices assume your password is still correct and silently retry the authentication, blaming network errors when authentication continues to fail. This can be particularly troublesome when you have a lockout policy for authentication attempts. You can avoid this behavior by forgetting and re-adding the network or removing and re-adding the profile after changing your password. This behavior can change with OS updates, so we can't guarantee you'll have the same experience across all your devices.

Enabling Wi-Fi debug logs on macOS

  • Hold Option and click the Wi-Fi menu
  • Choose 'Enable WiFi Logging'
  • Attempt to connect
  • Open a shell and enter either:
log show --predicate 'subsystem contains "com.apple.eapol"' --info --debug --last 5m

or to see a live tail of the logs:

log stream --predicate 'subsystem contains "com.apple.eapol"' --info --debug