Wireless stuck at validating identity
It has broken both our 802.1x Wifi and Ethernet connections. I EVENTUALLY got a prompt to validate a cert, but it requires Admin credentials to do so. After I got back on the network, I restarted the computer and found that reconnecting to the network is all wonky now. Only workaround that works for us is to manually go into the system keychain and set issuing and wireless certs to "always trust" (the root is already set to always trust).Wi Fi won't even try to connect until after completely logged in and at the desktop (which means any Login triggers won't happen), Ethernet gets stuck in an infinite loop and never connects on its own. Doesn't seem to be a good way to script this since the certs are deployed via config profile and already in the system keychain (so we can't really leverage a to actually ignore the update.It gets a self assigned IP for a few seconds then falls back to "not connected" and then gets a self assigned IP... The only way I can connect via Ethernet now is to click on Disconnect, wait a few seconds then click Connect. I've also tried "mac OSSierra Update-10.12.5" "Mac OS Sierra Update (10.12.5)" "10.12.5" and "mac OS Sierra Update" to no avail.We have update scheduled to push to clients this weekend but looks like I'm going to have to reschedule until this is fixed cause this is BAD.This issue was addressed through improved certificate validation.CVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise company Well..makes me both happy I'm not the only one and extremely sad that it seem's like a bigger problem.This is the direction Apple has been moving in, so we were trying to skate to where the puck was heading, but unfortunately between the directory auth lockout issue in 10.12.2 and earlier, and now this - it's clear that we need to rethink that since Apple is failing to consistently test critical enterprise level functionality. Further investigation revealed AD binding issues with test machines were the actual problem, and Security Update 2017-002 has not impeded the ability of our 10.11.6 systems to authenticate via 802.1x for Wi Fi.To second @jasonaswell, I had to sudo the ignore command to get the update to be ignored (wouldn't need to do so from a JAMF script).
I was working with nwiseman on this and to clarify, it appeared to only be an issue when the root/chain certs were imported using a configuration profile.For the trust section, would this be the certificate required to connect to wifi?In our case, we use machine certificates requested from AD.Everything was working fine on said system before the upgrade. Have attempted to re-configure wifi in order to see if it just corrupted, but no dice.I've opened a support ticket with Apple, but I'm curious if anyone else is seeing something similar. So far I've tried a 15" late 2013, 13" late 16 non touchbar, and a 13" late 16 touchbar all updated to 10.12.5 and was able to sucessfully connect https://support.apple.com/en-us/HT207797 802.1X Available for: mac OS Sierra 10.12.4 Impact: A malicious network with 802.1X authentication may be able to capture user network credentials Description: A certificate validation issue existed in EAP-TLS when a certificate changed.