Main Nav

Hello there, not the "full enterprise support" we need, but certainly a step in the right direction - Apple TV with newest 5.1 Software now supports 802.1x, configurable via Apple Configurator and USB. http://support.apple.com/kb/HT5438 Apple TV: How to configure 802.1X using a profile http://support.apple.com/kb/HT5437 Apple TV: How to install a configuration profile Haven't tried it yet though. News just came in. -Stöf -- Stefan Kronawithleitner Johannes Kepler University, InformationManagement (IM) - Network and Telephony stefan.kronawithleitner@jku.at (mailto:stefan.kronawithleitner@jku.at) +43 732 2468 3923 SK3112-RIPE ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Message from curtis.k.larsen@utah.edu

I just tried the steps below on our .1x WPA2-Enterprise SSID. After updating the software I was indeed able to load a configuration profile, but the Apple TV fails to authenticate and gives the following error: "Check your settings and try again (-369033213)" I have done a debug on the Cisco WLC and found that it starts the authentication process but never actually gets to the Access-Accept or Access-Reject part. I need to turn on some additional debugs to be sure what the problem is, I suspect some sort of issue with the cert chain, or validating the server names?? I noticed that in the Apple Configurator, it will not let me save the radius server hostnames ...weird. Anyway, let me know if you have encountered and solved that one already. Thanks, Curtis On 09/25/2012 01:01 AM, Stefan Kronawithleitner wrote: > Hello there, > > not the "full enterprise support" we need, but certainly a step in the right direction - Apple TV with newest 5.1 Software now supports 802.1x, configurable via Apple Configurator and USB. > > http://support.apple.com/kb/HT5438 Apple TV: How to configure 802.1X using a profile > http://support.apple.com/kb/HT5437 Apple TV: How to install a configuration profile > > Haven't tried it yet though. News just came in. > > -Stöf > > -- > Stefan Kronawithleitner > Johannes Kepler University, InformationManagement (IM) - Network and Telephony > stefan.kronawithleitner@jku.at (mailto:stefan.kronawithleitner@jku.at) +43 732 2468 3923 SK3112-RIPE > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Message from zachary.mcgibbon@mcgill.ca

I was able to push a config to our test AppleTV, it didn't work since I didn't put in our certificate so I blew away the config and now I can't get it re-provisioned. I'm also testing using the 'iPhone Configuration Utility' for windows which does see the AppleTV, however I keep getting an error: Value cannot be null. Parameter name: cert I've installed the Thawte Premium Server CA as we are using them for our certificate, and I was able to push the same config to my iPhone 4 without any problems, but it doesn't seem to work on the AppleTV. Anyone else have this problem or know a solution? Zachary McGibbon Network Specialist / McGill NCS Email: zachary.mcgibbon@mcgill.ca Office: (514) 398-7388

Message from:dan.larrea@wichita.edu

We were able to get our Apple TV's to connect to our wireless (WPA2-Enterprise) using the Apple Configurator. We are using MS Radius Authentication PEAP with MSCHAP v2. You will need to create a profile in the Apple Configurator with the following settings:

Under General Tab (Mandatory) enter Name and Organization

Under Wi-Fi Tab:

  • Populate SSID
  • Check Auto Join
  • Security Type = WPA / WPA2-Enterprise
  • Protocols = PEAP
  • Enter a valid wireless username and password
  • Leave Outer Identity BLANK

 

Under Credentials Tab: (On the left side of the screen - you will need to scroll down)

  • Import the Certificate Authoroty Chain (intermediate + trusted root CA) - We use Go Daddy but you can use your own Active Directory CA
  • You don't need to import the radius server certificate itself - just the validation certificates CA Chain

 

Once you have imported the CA Chain on the Credentials Tab go back to the Wi-Fi Tab

Under Wi-Fi Tab: (On the left side of the screen - you will need to scroll down)

  • Click on Trust (under Protocols | Trust)
  • Make sure the CA Chain you uploaded on the Credentials Tab is shown and make sure all the certificates on the chain are selected if more than one is showing up - With Go Daddy you usually get the gd_bundle that includes both the trusted authoroty and the intermediate cert.

 

Connect the Apple TV to your MAC running the Apple Configurator and click on the Prepare button at the bottom to transfer the profile. Your apple TV should be able to connect to your wireless. If having issues restart the Apple TV. 

Dan

Message from lkfirestone@miami.edu

Hi All, Just tried out the new Apple Configurator on an AppleTV. Got it to work. Here's how: 1. When creating a profile make sure that the cert under the trust tab of the wireless profile is checked. Double check after saving the profile to make sure that the change has been retained. I've found that it sometimes unchecks inexplicably. 2. After loading the profile on the AppleTV, do not unplug the power on the AppleTV. Connect it back to the HDMI port. 3. Before attempting to connect to your 802.1x secured network, you must connect to an open network that has internet access. You must do this so that your AppleTV is able to set the date and time. 4. Connect to your 802.1x secured network. 5. Performing a restart from the menu system should not affect this, but a full power off will reset the date/time of the AppleTV and it will not re-auth upon power up. A workaround that I have also found is this: In the configuration profile, I first added in our open network profile, and then secondly added in our secured network profile so that there is both a open and secured network represented in the profile. After having been connected to the secured network, power off the AppleTV. On power on, it will try and reconnect to the secured network, fail, and then failover to the open network, and get out to the internet. You then will have to manually select the secured network again. (Much like a VCR resetting after a power outage :) ) Happy Airplaying! Lisa K Firestone Network Engineer University of Miami Department of Telecommunications (305)-284-1677