I have Meraki SM and lots of iOS devices (mostly registered via DEP) in my network.
I have a WPA2-Enterprise wireless-network where i’d like to add the phones to.
Due to the problem that credentials cannot be empty from iOS 9+ on) i can not push the wireless profiles.
Hardcoding a username is not an option.
Has anyone found a way to accomplish that ?
Or how are others solving the problem with pushing wire less profiles ?
(Sentry is also an option but somehow does not work until now... will have to dig deeper into it...)
You could use a Systems Manager "Sentry" based WiFi system, which uses certificates, and can be automated.
Failing that, don't deploy the WiFi profile. All the user has to do is click on the WiFi network and put in their username/password. Another option would be to deploy it with a dummy username/password. With any luck when the device fails to authenticate it will ask the user for their username/password.
Have you tried creating an Apple Configurator profile and uploading that to Meraki as as file? The file Apple Configurator creates will be XML that can be edited - Random Github example 😄
It only needs to contain your Wi-Fi. You can can then use other profiles for everything else.
I can vouch for EAP-TLS implementation as mentioned above although since you already have a WPA2-Enterprise network, what does it authenticate against? A Radius server or AD?
I am also interested in this topic. Every user just authenticates and accepts the AD certificate. I could never get this automated. Following.
So i have about 120 Ipads in the field ,, they are used in Schools, now mind you i do not work the the school system , but i had to contact them for access to the schools wifi , Obviously i use Meraki Sm but the school use Aruba for their AP's
they had to give me a Certificate which i added to a profile and then i also setup a WIFI config with in that same profile , they also provided a username and pw which is pushed out to all of the Ipads ,, ive also done the same this to our chromebooks but that is done only through the Google Admin Console
On other Ipads not in schools i have Multiple Wifi profiles for other staff ipads , to connect with out having to worry about SSID and pw,, it either autoconnects or they just select which one and push on the ssid ID and it connects
i know this doesn't directly answer your question , but it is possible to push wifi profiles out
For the Apple Configurator profile i need to use a MAC computer, correct ?
Or do i have the chance to create a mobileconfig on Windows...
I'd expect to get it working on Meraki alone 😉
so what i would expect is:
I have some SCEP CA that hands out certificates to the mobile devices.
So the device should be able to authenticate with this certificate against the NPS server (EAP-TLS ?)
So what do i have to configure at the NPS side (i guess enable "Microsoft: Smartcard- or other certificate").
But what would i configure in Meraki MDM to push out this profile then ?
Apple Configurator 2 worked best for me, then I just uploaded and distributed. Make sure you include the certificate and Wi-Fi in the same profile so they get installed at the same time.
but then i need to have a mac for the profile manager to be installed, correct ?