Great question, I was surprised to not see the + in the 802.1X window. When I associated to the secure SSID a dialog box popped up asking for username and password. I think the credentials are added to the keychain at that point.
You can also use Lion server to create a profile. I haven't tested this but more information can be found here: http://support.apple.com/kb/HT4772 -d From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Palmer IV, Daniel Sent: Friday, August 05, 2011 9:43 AM To: [email protected] Subject: Re: [WIRELESS-LAN] MacOS Lion & Wireless Password Resets In your test machine. How did you create your 802.1x profile? dp Daniel Palmer University Technology Services (UTS) Emory University Atlanta, GA 30322 404.727.5297 (office) 404.213.1643 (mobile) From: David Blahut <[email protected]> Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <[email protected]> Date: Fri, 5 Aug 2011 09:13:43 -0400 To: <[email protected]> Subject: Re: [WIRELESS-LAN] MacOS Lion & Wireless Password Resets I did some Lion testing yesterday on our 802.1X secured SSID and discovered the following while watching the RADIUS logs: The laptop had two accounts set up on it, mine and another 'tester'. If you simply switched users the machine would reauthenticate but still use the other username/password (the account switching from). If the laptop was restarted or shut down and started back up the correct username/password would be used to log into the wireless no matter what user was logged in when the restart was initiated. I don't necessarily think this is a big problem in our environment but I can see where it could be in others. -d From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Holland, Ryan C. Sent: Thursday, August 04, 2011 5:01 PM To: [email protected] Subject: [WIRELESS-LAN] MacOS Lion & Wireless Password Resets I have finally got my hands on MacOS 10.7 (lion) and have started running it through wireless tests. One item I find very worrisome is this: - Via WPA2-Enterprise (PEAP/MSCHAPv2), I connect to the SSID using username & password1; these credentials are then stored in the keychain - If I change my password to, say, "password2", then the next time I connect, the Mac fails authentication It seems that the Mac, if failing authentication, never prompts for the username & password to be reentered. Our university is soon to roll-out and enforce a 90-day password policy, and I am concerned that users will be unable to authenticate and forced to remove the password from their keychain. Have any of you run into this similar issue? If so, how do handle this behavior? (I don't recall it being this way in MacOS 10.6 or 10.5) ========== Ryan Holland Network Engineer, Wireless Office of the Chief Information Officer The Ohio State University 614-292-9906 [email protected] Submit a Kudos to an OCIO employee! <http://www.surveygizmo.com/s/514095/giveociokudos> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. _____ This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
