Apple iOS - EAP-PEAP Configuration
Configure iPhone, iPad, and Mac devices to connect securely to IronWifi WPA-Enterprise wireless networks using EAP-PEAP authentication. This guide covers manual configuration, configuration profiles, and MDM deployment for enterprise environments.
Overview
EAP-PEAP provides secure wireless authentication using a username and password. iOS devices fully support EAP-PEAP and can be configured manually or via MDM profiles.
Prerequisites
- iOS 10 or later (iOS 14+ recommended)
- Valid IronWifi user credentials
- Wireless network configured with WPA2-Enterprise
Manual Configuration
iPhone / iPad
- Open Settings > Wi-Fi
- Tap your enterprise network name
- Configure the following:
- Username: Your IronWifi username (usually email)
- Password: Your password
- Tap Join
- When prompted about the certificate, tap Trust
First-Time Connection
On first connection, iOS will display a certificate trust dialog:
- Review the certificate details
- Verify the server name matches your expected RADIUS server
- Tap Trust to accept the certificate
- The certificate will be remembered for future connections
Configuration Profile (MDM)
For enterprise deployment, create a Wi-Fi configuration profile:
Using Apple Configurator 2
- Open Apple Configurator 2
- File > New Profile
- Add Wi-Fi payload
- Configure:
- SSID: Your network name
- Security Type: WPA2 Enterprise
- Protocols: Select PEAP
- Authentication: Username and password
- Username: Leave blank for per-user entry or use variable
- Password: Leave blank for per-user entry
- Add Certificate payload for the CA certificate
- Save and deploy the profile
Profile XML Example
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>AutoJoin</key>
<true/>
<key>EAPClientConfiguration</key>
<dict>
<key>AcceptEAPTypes</key>
<array>
<integer>25</integer>
</array>
<key>TTLSInnerAuthentication</key>
<string>MSCHAPv2</string>
</dict>
<key>EncryptionType</key>
<string>WPA2</string>
<key>SSID_STR</key>
<string>YourNetworkSSID</string>
<key>PayloadType</key>
<string>com.apple.wifi.managed</string>
</dict>
</array>
</dict>
</plist>
Intune / Jamf Deployment
Microsoft Intune
- Go to Devices > Configuration profiles
- Create new profile for iOS/iPadOS
- Select Wi-Fi template
- Configure:
- Wi-Fi type: Enterprise
- EAP type: PEAP
- Certificate server names: Your RADIUS hostname
- Root certificate for server validation: Select deployed CA cert
Jamf Pro
- Computers/Devices > Configuration Profiles
- Add Network payload
- Select:
- Security Type: WPA2 Enterprise
- Protocol: PEAP
- Configure authentication settings
Troubleshooting
"Unable to Join Network"
- Verify your credentials are correct
- Check that the network is within range
- Forget the network and try again:
- Settings > Wi-Fi > tap (i) > Forget This Network
Certificate Trust Issues
If iOS won't trust the certificate:
- Check if the CA certificate needs to be installed
- Go to Settings > General > About > Certificate Trust Settings
- Enable trust for the certificate
Authentication Loops
If repeatedly prompted for credentials:
- Ensure username format is correct (may need full email)
- Check account isn't locked in IronWifi console
- Verify password hasn't expired
Profile Installation Fails
- Check the profile isn't corrupted
- Ensure device isn't managed by conflicting MDM
- Review profile in Settings > General > VPN & Device Management
Mac OS Configuration
macOS Ventura and Later
- Click Wi-Fi icon in menu bar
- Select your enterprise network
- Enter:
- Username: Your username
- Password: Your password
- Click Join
- Trust the certificate when prompted
802.1X Settings
For advanced configuration:
- System Preferences > Network
- Select Wi-Fi > Advanced
- Add network with 802.1X authentication
- Configure EAP-PEAP settings
Related Topics
- Mac OS & iOS - TTLS + PAP - Alternative authentication
- Windows - EAP-PEAP - Windows configuration
- SCEP with Intune - Certificate provisioning