Main Nav

Colleagues, We are receiving calls from students complaining that after they have upgraded their Apple Mac to the latest OS (LION) they can no longer connect to our WiFi. We have been in touch with Aruba, our WIFI vendor, on this issue and apparently the issue is with the new Apple OS. Is anyone else experiencing this problem and if so what vendor are you using for your WIFI. Thank you Darrell K J.DarrellKulesza Chief Information Officer Dean College 99 Main Street Franklin MA 02038 Office: 508541 1864 Mobile: 781 856 6937 www.dean.edu

Comments

We are not. We have upgraded several internal machines with Lion and have not experienced the issue nor are we hearing from students about it. We run a Meraki wireless network. ___________________________________ Charles Keeler Mitchell College Office of Information Technology Chief Technology Officer (860) 701-5254
Darrell, We have Meru as our wireless and have seen some issues. We resolved them by: 1. Going into the Airport/WiFi and removing all Preferred Networks (related to the university) 2. Going into 802.1X and removing all User Profiles. Some customers had 25-30 user profiles for some reason 3. We would then go into the KeyChain and remove any profiles or certificates related to the university. 4. Restart 5. Reconnect and the issue was resolved. I would assume this is similar to when the customers upgrade their iOS devices and need to re-establish all of their network connections because of passwords being stored. Juan Torres Manager, Computer Helpdesk Certified HDI Support Center Manager ITIL Foundations V3 Certified Ohio Dominican University Phone: 614-253-3615
Darrell,

We are also experiencing problems with Lion and iOS5.  We are a Cisco shop and have opened a ticket with them.  The problems have been difficult to diagnose and resolve as they are intermittent and manifest different on various devices.

Joe
______________________________________
Joseph Moreau
Chief Technology Officer
State University of New York at Oswego
509 Culkin Hall
7060 State Route 104
Oswego, NY  13126
joseph.moreau@oswego.edu
315-312-5500 office
315-806-2166 mobile
315-312-5799 fax
______________________________________


Issues here too. We are HP Here are a few suggestions that may fix the problem till Apple admits / figures it out. Fix #1 1. Go to Preferences–>Network 2. Add a new location 3. In the Show: menu, go to Network Port Configurations 4. Make sure AirPort is checked (it should be by default) 5. Drag Airport to the top of the list (above Modem) 6. Click Apply and watch your signal meter. In about a second, it'll pop back to life. Fix #2 [quote] I have used Little Snitch software for several years, and it occurred to me that I might be able to use it to block any connections with the other network. Using the latest version (v.2), go to Preferences, or Little Snitch Configuration, choose Rules under the Window menu, and click the New button. In the pop-up window that shows up, click on the gear icon and choose "Choose System Process." A file open box opens, and under the folder "libexec," choose "airportd." "airportd" is the system daemon that controls the Airport card in the MacBook Pro. In the box that comes up, set the main menu to "Allow Connections" and the Server menu to "Local Network." [/quote] Fix #3 Set IPv6 to OFF (from Automatic) under the Advanced/TCPIP tab (in NW settings) Joel C. Robertson MBA-ITM Chief Information Officer King College 1350 King College Rd Bristol, TN 37620 www.king.edu
Lion OS X 10.7.2 addressed the network login issue for us but it caused a different issue with a GroupLogic program we used for joining Apple to our Active Directory printing services with ExtremeZ-IP.

Keith Nelson
Chief Technology Officer
Alma College

From: "Joseph Moreau" <joseph.moreau@OSWEGO.EDU>
To: CIO@LISTSERV.EDUCAUSE.EDU
Sent: Friday, October 28, 2011 8:46:02 AM
Subject: Re: [CIO] Apple LION OS issues with WiFi

Darrell,

We are also experiencing problems with Lion and iOS5.  We are a Cisco shop and have opened a ticket with them.  The problems have been difficult to diagnose and resolve as they are intermittent and manifest different on various devices.

Joe
______________________________________
Joseph Moreau
Chief Technology Officer
State University of New York at Oswego
509 Culkin Hall
7060 State Route 104
Oswego, NY  13126
joseph.moreau@oswego.edu
315-312-5500 office
315-806-2166 mobile
315-312-5799 fax
______________________________________


We have several machines on campus (mine included) that are running Lion on our wireless (Cisco) without a problem. HOWEVER, it did break Lync. Microsoft just released an update though here: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=27748 Tim Crouch Associate Director Networks and Operations The University of Texas at Tyler (903) 566-7476 tcrouch@uttyler.edu
Hi Darrell, I've been struggling with this for the past couple of weeks (specifically with 10.7.2 and an Aruba captive portal authentication), and I've got quite a bit of information, but have not yet overcome the issue. However, a main part of the struggle and lack of success is due to the specifics of our situation here (an honors college with students on multiple campuses, each with their own independent, not-always-cooperative, IT shops). I was able to talk at some length with one of the Aruba engineers at Educause last week, and that, along with a lot of other research, has led me to the following understanding (incomplete and provisional, but it might lead to some stronger conclusions, abhout which I would LOVE to hear). First--the core of the problem seems to be that in the Lion 10.7.2 upgrade two weeks ago or so, Apple introduced a couple of changes to the way authentication to a captive portal (like Aruba's) takes place. The idea seems to have been two-fold. First was to improve security by preventing attacks involving highjacking of the captive portal page (by checking the authenticity of the captive portal's certificate more thoroughly). The second was allow a webkit window (rather than a browser window) to be used for captive portal authentication. This is the way things were already working in iOS 5, and offers a bit of convenience to users. These two changes mean that after the upgrade, users are often not able to connect to the Aruba captive portal. In order to access the captive portal, the browser is waiting for the certificate's authenticity to be verified, but the verification server cannot be accessed until authentication has already taken place. So nothing happens. It should be emphasized (and this is something the Aruba engineer emphasized to me) that the security change in particular is one that WILL be affecting other browsers and other OS's, if it is not now. The problem with Aruba (and possibly other) captive portal configurations really does need to be fixed, and it really needs to be fixed on the Aruba device. There are two workarounds (at least) that users can do on their own computers. The first is within firefox ============= 1. Open a FireFox page. 2. Click on Firefox menu near the Apple 3. Preferences 4. Advanced tab then ( Encryption) 5. Validation 6. Uncheck the box that says "Use the online Certificate Status Protocol (OCSP) to confirm the current validity of certificates” 7. Close your browser and open up a new FireFox Page. ======== The second is within Apple's Keychain Access ============= Open Keychain Access. It's in Applications=>Utilities. Then in the Keychain Access menu at the top of the screen choose "Preferences..." Go to the pane labelled "certificates." Check the first two items there. (Online Certificate Status Protocol and Certificate Revocation List). Both should "Off." If they say "best effort" change them to "Off." Then you should be able to connect (may need to restart the computer, but maybe not). ================= Either or both of these will work--but neither will work permanently. In many cases they have to be restarted on every restart or awakening from hibernation. Additionally, in many computers it seems that the situation also extends to causing Keychain Access to refuse to load. Resetting the PRAM, and/or following this procedure ================= 1. Restart Lion, and before you hear the chime, hold down the Command and R keys. 2. You’ll be at the Repair Utilities screen. Click the Utilities item in the Menu Bar, then click Terminal. 3. In the Terminal window, type resetpassword and hit Return. 4. The password reset utility window launches, but you’re not going to reset the password. Instead, click on the icon for your Mac’s hard drive at the top. From the dropdown below it, select the user account where you’re having issues. 5. At the bottom of the window, you’ll see an area labeled Reset Home Directory Permissions and ACLs. Click the Reset button there. The reset process takes just a couple of minutes. When it’s done, exit the programs you’ve opened and restart your Mac. ================= to get things totally back to a clean state, also seems to get Keychain Access working again temporarily. But the real key, it seems, is to work with the settings (especially the security certificate) on the Aruba controller. This thread: http://airheads.arubanetworks.com/vBulletin/showthread.php?t=4451 on the Aruba users forum really explains the problem and some solutions. And there is some discussion on the Educause Network Manager list http://listserv.educause.edu/cgi-bin/wa.exe?A2=NETMAN;%2FhkQnQ;201110171... I would LOVE to talk further about this and get any more information people might have, either on-list or off. Thanks! Joe -- Joseph Ugoretz, PhD CIO/Associate Dean of Teaching, Learning and Technology Macaulay Honors College - CUNY 35 West 67th St. New York, NY 10023 212.729.2920 http://macaulay.cuny.edu
We run Enterasys Networks wireless -- no issues with 10.7. _______________________________________ Steve Swartz Chief Information Officer & Assistant Vice President Fitchburg State University 160 Pearl Street Fitchburg, MA 01420-2697 Office: 978-665-4444
HI Darrell.

We're an Aruba shop, too, and have been experiencing the same problem. In fact, I was one of the first victims of it here, so I've followed the issue as we've dealt with the line-ups. Our staff seem to have a resolution that's working. We added exceptions to the wireless firewall to allow Lion to check for revocation of our certificate used by Aruba (issued by IPSCA). Once these were added, the Lion (10.7.2) machines seem to be able to connect. Machines that had a corrupted certificate stuck in the login keychain may still need some repair and a reboot and then they work fine.

Our environment was stable all day yesterday and the only people coming to the HelpDesk were those who had a corrupted keychain before the change to the network. The front desk staff know what to do with these remaining issues and are resolving the issue quickly for the students when they show up.

If you need more information, please let me know and I'll be glad to connect our technical people with yours.

Best wishes,

Philip
Philip Wright, Ph.D.
Associate Vice President, Information Technology & Chief Information Officer
Brock University | Information Technology Services
Niagara Region   |  500 Glenridge Ave.  |  St. Catharines, ON  L2S 3A1
brocku.ca | T  905 688 5550  x5860  |  F  905 688 4191

On 2011-10-28, at 8:33 AM, Kulesza, Darrell wrote:

Colleagues,

We are receiving calls from students complaining that after they have upgraded their Apple Mac to the latest OS (LION) they can no longer connect to our WiFi.  We have been in touch with Aruba, our WIFI vendor, on this issue and apparently the issue is with the new Apple OS. Is anyone else experiencing this problem and if so what vendor are you using for your WIFI.

Thank you

Darrell K


J.DarrellKulesza
Chief  Information Officer
Dean College
99 Main Street
Franklin MA 02038

Office: 508541 1864
Mobile: 781 856 6937

www.dean.edu




********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Colleagues,

We had the same issues with our Aruba WiFi and Lion.  Attached is the fix that we found works and can be done by the individual user.

Best,

Cal

==================================
Cal Coursey
Office of Information Technologies
Associate Chief Information Officer
IT Systems and Infrastructure
Washington College
300 Washington Avenue
Chestertown, MD 21620
Phone:  410-778-7894
Fax:    410-778-7830
email: ccoursey2@washcoll.edu
web:   http://oit.washcoll.edu/is.php
==================================


Colleagues,

We are receiving calls from students complaining that after they have upgraded their Apple Mac to the latest OS (LION) they can no longer connect to our WiFi.  We have been in touch with Aruba, our WIFI vendor, on this issue and apparently the issue is with the new Apple OS. Is anyone else experiencing this problem and if so what vendor are you using for your WIFI.

Thank you

Darrell K


J.DarrellKulesza
Chief  Information Officer
Dean College
99 Main Street
Franklin MA 02038

Office: 508541 1864
Mobile: 781 856 6937

www.dean.edu



********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Cal et al., Disabling OCSP and CRL will make the problem go away for Macs and Firefox (on PCs) , but having a browser check the validity of a Certificate is an important line of defense for a computing device. I would advise against disabling those important services. What's happening in the case of the Aruba Portal is the following: In its initial state, the Aruba portal doesn't allow any external traffic to go through. A host joining the portal is being challenged with the certificate of the portal. The host needs to check the validity of the portal's certificate on an OCSP server, before it can join the network. The firewall of the portal blocks it! hence the failure. Here is a fix that will leave OCSP untouched: Include in the Portal's firewall a rule that allows hosts to check the OCSP server for the certificate stored on your portal. Here is the rule that we have at University of Tennessee: netdestination "Comodo OCSP" ###because we use Comodo for our certs! you will have to know the IP address of yours! host 91.209.196.169 host 199.66.201.169 netdestination "Comodo CRL" host 178.255.83.0 This said, it would be nice if Aruba could look those up by name and not by IP address (these IP addresses have changed in the past and broke connectivity. Rare but annoying) Regards, Philippe Hanset University of Tennessee Wireless-LAN CG leader eduroam-US project leader www.eduroamus.org
Well Lync broke for us as well but in a different way than reported on many posts. When off the network and running on wifi, Lync would load and run but about 5 minutes later it would disconnect. You could fire it up and it would run fine but eventually disconnect. We applied all of the patches but that didn't help. In the end the fix was as simple as deleting the wifi network entry and then recreating it. After that we didn't have any problems with it. ___________________________________ Charles Keeler Mitchell College Office of Information Technology Chief Technology Officer (860) 701-5254
Darrell,
 
We use Cisco NAC (aka CleanAccess) to authenticate our WIFI logins, with dozens of MacOS Lion clients online, and no troubles reported so far.
 
Kurt
 
Kurt E. Huenemann, Assoc. Vice President for Information Resources
HEIDELBERG UNIVERSITY
310 East Market Street
Tiffin, Ohio 44883
419.448.2351
keh@heidelberg.edu

Do not ever e-mail your password to anyone.
CNIT will never ask for your password in an e-mail.



Recommend

Close
Close


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2015 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.