
eap-mschapv2/peap profile issue with Apple iOS11 and ISE 2.0.0.306

jsalmond
Level 1

Morning All,

Hoping you can help. I have raised this with Apple, but without paying for cross-platform support they are unwilling to help.

In our network we use Cisco ISE, and as part of this we register our iPads with the BYOD functions, which download and install a WiFi profile containing the network SSID, PEAP protocol, auto join setting and a certificate in order to perform machine authentication using eap-mschapv2.

Since upgrading to iOS11 (currently running iOS 11.1 beta), when users change their Active Directory password the iPads are kicked off the network and the iPad requests a password to be entered; however, the box presented has Username & Identity. The identity looks for a device identity certificate as if you use eap-tls, not eap-mschapv2.

ipad.png

Currently the only workaround we have is to remove the WiFi profile and enter a password each time it is changed, but this defeats the purpose of machine level authentication.

Our iPads on iOS10* work as expected: when a user changes their AD password the iPad remains connected and users are not prompted to change it on the iPad.

ISE Details: Version - 2.0.0.306, Installed Patches: 4

Also attached logs from ISE

17 Replies

The patches are cumulative, apply patch 5

jsalmond
Level 1

We were already on patch 4, which covered the CSCuw88770. Updated to Patch 5 but the issue still remains.

ise.PNG

I'd rather continue to use PEAP-MSCHAPv2; however, with over half of our users upgraded to iOS 11, if I don't get a reply from Apple soon I may need to resort to machine based certificates. My issue in doing that is we have a combination of Windows 10, iOS and Apple TV devices.

A few people have suggested using machine based certificates. Do you know if this works with iOS devices and Apple TVs, and is it possible to use the built-in CA in ISE and use the BYOD portal to push the certificates out, or do you need to link it up with the AD CA or another external CA?

jqsalmond did you ever get to the bottom of this, or did you go to EAP-TLS?