Posted on 08-31-2016 09:21 PM
Hi guys,
We are using Aruba and ClearPass for Wireless.
Users are able to change their password on Windows over WiFi but not OSX devices.
I have tried using the ADPassMon Change Password and OSX Change Password options, and both failed with the error "The server is not available" even though I could ping the domain controllers.
Please give me some pointers on where to look.
Thanks!
Posted on 09-01-2016 01:00 AM
We use Aruba and ClearPass for Wireless too, and we get the same error. Even when we occasionally changed the password through System Preferences--Users and Groups successfully, only the local password changed; the password does not sync with AD.
Posted on 09-01-2016 05:24 AM
Although you can ping a DC, I wonder if the Mac has an established connection with the domain. If you use dscl in the terminal, are you able to browse the users container in AD?
Posted on 09-01-2016 09:24 PM
Hi @davidacland,
Went to dscl
cd /Active Directory/
ls
Could see the Domain
cd Domain and I got eDSUnknownNodeName
Same thing with going to Directory Utility and selecting /Active Directory/Domain/All Domains/
Thanks
Posted on 09-01-2016 11:22 PM
In that case the Mac has no connection to the domain. It will normally try to connect when it boots up and is at the login window.
At what stage does the wifi connection kick in?
If it's after the user has logged in, they'll be using cached credentials and OS X isn't great at reconnecting to the domain after that point.
Posted on 09-02-2016 06:48 AM
Hey Guys,
Sounds like a port might be blocked. Our AD is using 3269. You could telnet to the DC on that port or the port your AD uses to make sure the port is open and can establish connections. If it cannot, you will need to get networking to open that port on your Wireless VLANs.
Shawn G
Posted on 09-04-2016 11:27 PM
Hi @davidacland and @sgoetz,
Thanks for your help. I managed to find the issue thanks to your input.
Looks like the issue is caused by the adapter that we used to bind the computer to AD during NetBoot (didn't add the MAC address to removable MAC). We have now completely ditched NetBoot and use thin imaging instead.
To resolve the issue:
I disjoined the computer from AD, did recon to get the bind to AD policy to run. Once the domain is re-bound, the connection to AD is restored and I was able to navigate through the users list from Directory Utility and subsequently able to change the AD password successfully.
Thanks again for everyone's help!
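
The two checks suggested in the thread (TCP reachability of the DC and browsing the users container with dscl) combined into one script, as an added example that is not part of any post above. The script name, the default port list and the verdict strings are assumptions made for illustration; `dscl` and `nc` are the stock macOS tools.

```shell
#!/bin/sh
# Added example (not from the thread): triage an AD-bound Mac that can ping
# its DC but reports "The server is not available" on password change.
# Usage: sh ad_triage.sh <dc-host> <AD-domain-as-shown-by-dscl> [port ...]

# Turn a dscl exit status ($1) and its output ($2) into a verdict.
# eDSUnknownNodeName is the error quoted in the thread: the Active Directory
# node is listed but cannot be opened, so the bind is not usable.
classify_dscl() {
    case "$2" in
        *eDSUnknownNodeName*) echo "node-unreachable"; return 0 ;;
    esac
    if [ "$1" -ne 0 ]; then echo "error"; else echo "connected"; fi
}

# TCP connect test with a 3 second timeout. ICMP ping succeeding says
# nothing about whether the wireless VLAN lets these ports through.
port_open() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

main() {
    dc=$1; domain=$2; shift 2
    # Assumed default list: Kerberos 88, LDAP 389, Kerberos password
    # change 464, and 3269, the port named in the thread.
    [ "$#" -eq 0 ] && set -- 88 389 464 3269
    for port in "$@"; do
        if port_open "$dc" "$port"; then
            echo "tcp/$port reachable"
        else
            echo "tcp/$port blocked or closed"
        fi
    done
    # Same check as browsing the users container interactively in dscl.
    out=$(dscl "/Active Directory/$domain/All Domains" -list /Users 2>&1)
    rc=$?
    verdict=$(classify_dscl "$rc" "$out")
    echo "directory node: $verdict"
    [ "$verdict" = "connected" ]
}

# Run only when called with arguments, so the functions can be sourced.
if [ "$#" -ge 2 ]; then main "$@"; fi
```

A "node-unreachable" verdict with all ports reachable points at the bind itself rather than the wireless network, which matches the resolution in the last post.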