The .mobileconfig file can be generated with the apple iPhone configuration tool which is available for regular macos, not just apple servers. An older version used to run on windows too if you want to hint that out.
Add for windows being 'weird', the correct wireless term is WPA2 Enterprise So it's not being wierd (Using 802.1X for the auth phases target than a pre shared key) ;)
alan
You could use eduroam's CAT tool to generate these. Recently the source was moved over to github (not sure if that's every part to need to get a full CAT instance up and running.) https://github.com/GEANT/CAT A bit of overkill maybe for a home network, but not being an eduroam SP you'll need to build your own rather than use the live tool. At any rate, just google for mobileconfigs from universities. The ones that do not use PSK do not have any private info them so they are generally posted publicly, and many use EAP-PEAP-MSCHAPv2 also see: http://www.rootmanager.com/iphone-ota-configuration/iphone-ota-setup-with-si... ...for the instructions on how to sign them. You can embed your homegrown CA cert into the mobileconfig for one-step installation. If you also want add a VPN client config to the file as well, see the strongswan wiki; they have a posted example for that. ________________________________________ From: Freeradius-Users <freeradius-users-bounces+bjulin=clarku.edu@lists.freeradius.org> on behalf of Toby Walsh <walshtj@gmail.com> Sent: Sunday, November 13, 2016 5:48 PM To: Alan Buxey Cc: FreeRadius users mailing list Subject: Re: Apple .mobileconfig templates for user devices? Problem is my personal admin machine and my personal home devices are Linux and Android only :). I used to have Windows 10 until the SSD it was on died and now that you have to pay, well, I'm not paying. I can borrow an OS X machine but it's a shame it's not just a simple GUI. We tried yesterday to install the configuration tool but the OS X machine normally resides on a controlled/sterile environment and it's locked down so I can't install the configuration tool until the owner of the machine asks their IT department nicely for permission. Sigh. The thing that got me about the Windows machine is on Android you select 802.1x security, select the method, select the authentication and it all matches what you set up in Freeradius (in my mind). On Windows when you choose security there were (I think) four basic methods: none, wep, wpa or 802.1x. If you choose 802.1x there, then you can't get the config to work. If you choose wpa there, that's what you needed to do and then set up 802.1x authentication later on. I didn't understand why 802.1x was offered as an option early on and why I couldn't get that to work when I kept choosing it. I ended up trying to config a working profile using netsh wlan ... commands and still not having access to the options I thought I needed. If they'd only offered none, wep, wpa in the first pool of options then I would have probably managed to set it up much faster. Oh well, I know now after wasting a couple of hours. Toby On 13 November 2016 at 21:53, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html