Unable to change AD Account password over WiFi

khey
Contributor

Hi guys,

We are using Aruba and ClearPass for Wireless.

Users are able to change their password on Windows over WiFi but not OSX devices.

I have tried using the ADPassMon Change Password and OSX Change Password options, and both failed with the error "The server is not available" even though I could ping the domain controllers.

Please give me some pointers on where to look at.

Thanks!

6 REPLIES

shibao_si
New Contributor II

We use Aruba and ClearPass for Wireless too, and we get the same error. Even when we occasionally changed the password through System Preferences--Users and Groups successfully, only the local password changed; the password does not sync with AD.

davidacland
Honored Contributor II

Although you can ping a DC, I wonder if the Mac has an established connection with the domain. If you use dscl in the terminal, are you able to browse the users container in AD?

khey
Contributor

Hi @davidacland, I went to dscl:
cd /Active Directory/
ls
I could see the Domain.
cd Domain, and I got eDSUnknownNodeName.

Same thing when going to Directory Utility and selecting /Active Directory/Domain/All Domains/.

Thanks

davidacland
Honored Contributor II

In that case the Mac has no connection to the domain. It will normally try to connect when it boots up and is at the login window.

At what stage does the wifi connection kick in?

If it's after the user has logged in, they'll be using cached credentials and OS X isn't great at reconnecting to the domain after that point.

sgoetz
Contributor

Hey Guys,

Sounds like a port might be blocked. Our AD is using 3269. You could telnet to the DC on that port, or the port your AD uses, to make sure the port is open and can establish connections. If it cannot, you will need to get networking to open that port on your Wireless VLANs.

Shawn G

khey
Contributor

Hi @davidacland and @sgoetz,

Thanks for your help. I managed to find the issue thanks to your input.

Looks like the issue is caused by the adapter that we used to bind the computer to AD during NetBoot (didn't add the MAC address to removable MAC). We have now completely ditched NetBoot and use thin imaging instead.

To resolve the issue:

I disjoined the computer from AD and did a recon to get the bind to AD policy to run. Once the domain is re-bound, the connection to AD is restored, and I was able to navigate through the users list from Directory Utility and was subsequently able to change the AD password successfully.

Thanks again for everyone's help!
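
Added example, not part of any post in this thread: the two checks suggested above (browsing the AD node with dscl, probing the DC port) combined into one triage script that separates a blocked port from a broken bind. The domain name and DC hostname are placeholders passed as arguments, the port list beyond 3269 is the standard AD set rather than something the thread states, and treating a non-zero dscl exit status as "not connected" is an assumption.

```shell
#!/bin/sh
# AD triage for a bound Mac on Wi-Fi (added example, not the posters' code).
# Usage: sh ad_triage.sh DOMAIN dc.hostname   (both are placeholders you supply)

# 3269 is the port named in the thread; 88 (Kerberos), 389 (LDAP) and
# 464 (Kerberos password change) are the standard AD service ports.
PORTS="${PORTS:-88 389 464 3269}"

# classify_dscl RC TEXT: interpret a dscl listing of the AD Users container.
# Assumption: dscl exits non-zero when the node cannot be opened.
classify_dscl() {
    case "$2" in
        *eDSUnknownNodeName*) echo "not-connected"; return 0 ;;  # error seen in the thread
    esac
    if [ "$1" -eq 0 ] && [ -n "$2" ]; then echo "connected"; else echo "not-connected"; fi
}

# port_open HOST PORT: succeed if a TCP connection is accepted within 5 seconds.
port_open() {
    nc -z -w 5 "$1" "$2" >/dev/null 2>&1
}

# blocked_ports HOST: print the ports from $PORTS that refused or timed out.
blocked_ports() {
    out=""
    for p in $PORTS; do
        port_open "$1" "$p" || out="$out $p"
    done
    echo "${out# }"
}

# verdict DSCL_STATE BLOCKED_LIST: map the two findings to the next action.
verdict() {
    if [ -n "$2" ]; then
        echo "network: ports blocked on this VLAN: $2"
    elif [ "$1" = "connected" ]; then
        echo "ok: directory reachable"
    else
        echo "binding: ports open but AD node unavailable; check or redo the bind"
    fi
}

main() {
    listing=$(dscl "/Active Directory/$1/All Domains" -list /Users 2>&1) && rc=0 || rc=$?
    verdict "$(classify_dscl "$rc" "$listing")" "$(blocked_ports "$2")"
}

# Touch real systems only when a domain and DC were given on the command line.
if [ "$#" -ge 2 ]; then main "$@"; fi
```

A "binding" verdict matches the situation resolved in this thread, where the ports were reachable and the fix was to unbind and re-bind the Mac.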