Passwords and AD(keychain, wifi, etc)

Contributor III

Our campus is currently configured with Macs and PC being bound/joined to active directory. We've been instructed that our password can only be changed via a specific website. This is semi-manageable but still somewhat painful when the user is here on campus plugged into ethernet as the user gets prompted to update the keychain after they restart or log out then login again.

Things get more challenging with wifi involved as now keychain doesn't prompt and the wifi simply doesn't work any longer. Now the configuration has to be removed and reconfigured with the new credentials.

Off site more of the same where keychain doesn't prompt even when on vpn. For vpn we use Aruba through their client software.

How are people dealing with this? The institution is finally implementing expiration dates on accounts so we need a good solution to deal with this as obviously in the past nobody really ever changed their password.

We're not using Filevault yet but I know it's on the roadmap so whatever solution gets provided, it will need to deal with whatever challenges await with it.

Thanks in advance for any help you can provide.



AD and Mac are like oil and water.
Change the password on the Mac and everything syncs up. User account/FileVault/AD account.
Change the password external to the Mac and everything goes out of whack.
This is where NoMAD comes in. There are two main settings in the Plist that should be set to true.

NoMAD also has a Wi-Fi setting: WifiNetworks
But I have not used that one yet.

Valued Contributor

+1 for NoMAD - take a look. Or Enterprise Connect.

We used to utilise the ADPassMon and KerbMinder utilities but those projects are no longer maintained, and are in the process of transitioning to NoMAD.

Valued Contributor II

NoMAD was just purchased by JAMF and is now a separate JAMF product. I've heard great things but haven't tested it myself. We're an Enterprise Connect shop.