802.1x Machine based certificate authentication on Apple MacOS devices

Getting noticed

802.1x Machine based certificate authentication on Apple MacOS devices

I cannot get machine based authentication to work on MacOS devices. This is using my RADIUS server. The RADIUS server does not accept the machine certificates.


It is fine on Windows and fine with user authentication.


Just wondering if anyone else has had similar issues?



Kind of a big deal

Apple is outside my area.


Start with your RADIUS server log.  Does it say it has permitted the connection?

If it denied the connection - what reason has it logged?

If it permitted the connection then turn your attention to the iOS device.


What error is the iOS device permitting?  Does it need a root certificate installed to trust your RADIUS server certificate?

Hi @PhilipDAth 


It looks like I have I have the same issue as discussed in https://community.meraki.com/t5/Wireless-LAN/Windows-Radius-vs-Meraki-Radius-with-Win-7-Win-10-macOS...


There you suggest the Sentry Wi-Fi solution, however would this be not encrypted over the air?


Using EAP-TLS I get the same issue where the certificate is not accepted on the MacOS devices and user is prompted for login credentials.


Ideally we would like both MacOS and Windows devices on the same SSID, authentication by machine with no need to enter credentials each time.


Is there an accepted solution?

Getting noticed

I'm not sure this is possible.  I solved this by authenticating the "user" AND the "mac address" of the device in radius.


You may want to take a look at this thread:  https://community.meraki.com/t5/Wireless-LAN/iOS-and-WPA2-with-Radius-Authentication/m-p/58804#M8834



Getting noticed

I am clearly not an apple expert! Sorry I failed to specify this is MacOS devices not iOS devices. I have now updated the post. Thanks for you help though!

Kind of a big deal

I think it will be particularly tricky to do machine based authentication for Mac devices.


I suspect you will need to deploy certificates to the Mac machine accounts somehow, and use certificate based authentication.




I think this should tackle the certificate deployment.


Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.