iOS WiFi Profile with WPA2-Enterprise
We are having issues setting up a new batch of iPhone 11s with iOS 13.3.1 with a WiFi profile from Intune.
Setup
- Active Directory Domain controller running Windows Server 2008 (yes I know...)
- Network Policy Server running on Windows Server 2012 R2 configured for PEAP with username & password. Users in the AD's domain user group are allowed access.
- Ubiquiti AP AC PRO (these always run the latest firmware). These have been set up as RADIUS clients to the NPS.
We tested and verified that a user can connect to the WiFi using WPA2-Enterprise using iPhone 6s with iOS 13.3 by manually connecting to the SSID then inputting their AD credentials in the format user@domain.dom.
Method
1) Exported the CA's root certificate and then created an Intune profile to distribute the certificate to the iPhones.
2) Set up a Device Configuration WiFi profile for the iOS platform.
WiFi type: Enterprise
Network Name: Our WiFi
SSID: Internal
Connect Automatically: Enable
Hidden Network: Disable
EAP Type: PEAP
Server Trust
Certificate Server Name: nps.internal.dom
Root Certificate: Our CA's root certificate profile.
3) We then assigned it to the iPhones. Users were then prompted for an account to connect to the SSID with. When they do this they are able to connect to the WiFi.
Problem
Eventually the WiFi connection is dropped and the next time a user unlocks their phone they are prompted for the WiFi username and password.
What it appears to be doing is overriding the username and password that the user input into the prompt on the phone. It should be using their internal AD username & password but it appears to be overriding the username with the user's Office 365 username. These are not the same.
Bizarrely, we had one iPhone XS prior to this which had the WiFi profile but did not get similar issues. The iPhone 11s have been provisioned using the Apple Configurator but the XS hasn't.
Has anyone else faced similar issues and how did you overcome this?