Skip to main content
Question

macOS wifi connection works in one account but not in another

  • August 6, 2025
  • 4 replies
  • 63 views
sara_mccullar
Forum|alt.badge.img+5

We have our network setup with ADCS connector to get the certificates for the computer. The profile is working and the certificate is in the keychains.  In the admin user, I am able to connect to the wifi without any issues. In the user’s account, it won’t connect and doesn’t prompt to choose the certificate. It should prompt for the certificate. I have removed the plist in the user’s library preference folder that had anything to do with network. I still can’t get it to work. I had already cleared out everything in the /Library/Preferences/SystemConfiguration folder. 

I’m at a loss on what else to delete.

    4 replies

    AJPinto
    Forum|alt.badge.img+26
    • AJPinto
    • Legendary Contributor
    • August 6, 2025

    The Mac will only prompt for the certificate if there is something wrong with the configuration profile. Do you have the certificate and Network Payload in the same Configuration Profile and the network payload mapped to use the certificate?

    M
    Forum|alt.badge.img+11
    • mschlosser
    • Contributor
    • August 6, 2025

    just a thought is the the certificate for the wifi added to the user level keychain or the system keychain. i would think to be accessible via all users it would need to be in the system keychain and not the user level one,

    Sadly as far as i am aware, the security binary doesn’t support directly moving certs between keychains if necessary,  

    You could test the theory by manually moving the cert to system with keychain access, to the system keychain and trying again. 

     

    the beginnings of a scripted solution would be something like

     Export

    security export -k ~/Library/Keychains/login.keychain-db -t certs -f pemseq -o cert.pem

     

    Import into the system keychain:

     

    sudo security add-certificates -k /Library/Keychains/System.keychain cert.pem
    sudo security add-trusted-cert -d -r trustAsRoot -k /Library/Keychains/System.keychain cert.pem

     

    If the cert is being left in the user level keychain the export command would have to be run as user like

     

    #!/bin/zsh --no-rcs

    #!/bin/zsh --no-rcs
    currentUser=$(echo "show State:/Users/ConsoleUser" | scutil \
    							| awk '/Name :/ && !/loginwindow/ {print $3}')         
    uid=$(id -u "$currentUser")

    # --- helper: run *anything* in that user’s context
    runAsUser() {                                                        
    	if [[ -n "$currentUser" && "$currentUser" != "loginwindow" ]]; then
    		launchctl asuser "$uid" sudo -u "$currentUser" "$@"
    	else
    		echo "No interactive user – aborting" >&2
    		exit 1
    	fi
    }

    # ----------- example: export a certificate form the user's keychain -----------
    comtorun=$(runAsUser security export -k ~/Library/Keychains/login.keychain-db -t certs -f pemseq -o cert.pem)

    echo ${comtorun}

     

    sara_mccullar
    Forum|alt.badge.img+5
    • sara_mccullar
    • Author
    • Contributor
    • August 6, 2025

    The configuration profile is setup in such a way that it asks the user to choose the cert.. The cert is a system certificate which is how I was able to connect in a different user with the certificate. 

    Standard user of the computer doesn’t get prompted to choose the certificate. This user can not connect to the wifi

    Admin account gets prompted for the certificate and can choose the correct cert and connect to the network. 

    sara_mccullar
    Forum|alt.badge.img+5
    • sara_mccullar
    • Author
    • Contributor
    • August 6, 2025

    I actually remembered the answer to this issue.. There was a rogue keychain attached to the wifi. We deleted that from the keychains and were able to connect properly. 

    Terms & ConditionsCookie settingsAccessibility statement