I have been trying to set up Profile Manager, the MDM solution included on OS X Server. Profile Manager is connected to Active Directory, and pulling out information from there. The solution is running on OS X 10.7.3. The profile seems to work fine for email, ldap and vpn. But not for Wi-Fi. In our organization we’re running WPA Enterprise authentication for accessing our Wi-Fi services. The 802.1X authentication methods are EAP-TTLS and PEAPv0 (EAP-MS-CHAP v2) and Directory Authentication is enabled.

A trusted certificate has been added to this part of the profile (AddTrust External CA Root) and the same goes for the following Trusted Server Certificate Names: AddTrust External CA Root, TERENA SSL CA and UTN-USERFirst-Hardware.

I am not sure that Directory Authentication should be enabled. In fact, I first tried using a payload variable (%short_name%) also for configuring Wi-Fi. Problem is then that the profile is not accepted cause of lacking password. Directory Authentication is on the other hand not pulling the needed information from Open Directory / Active Directory and username and password is later not accepted on the device when trying to connect to Wi-Fi.

I’ve been searching forums and support pages, but not found any good information on how to solve the problem. Any suggestions out there?

Update: 10.7.4 is now released with lots of bug fixes for Profile Manager, among them “using profiles to join 802.1x networks”. I was fast to update the server, but seem to have the same problems still.