Posted on 02-15-2019 11:34 AM
We recently implemented 802.1x in our environment and have just noticed an issue. When a user updates their directory password, instead of the Mac prompting the user for a new password, authentication fails with an obscure message, see attached.
We have Meraki APs and we are using a Foxpass RADIUS server which delegates authentication to Okta. I'm not sure if this setup is a factor.
If I manually delete the Keychain entry, the authentication prompt comes back as expected and I am able to enter my updated password and connect as usual.
Posted on 02-15-2019 11:37 AM
Look in the user's keychain and clear any entries related to your SSID. You can't script this removal, as the user's keychain is secured and not accessible even as root. You can, however, delete the user's keychain.
Posted on 02-15-2019 12:56 PM
Hey @ryan.ball
Thanks! However, you will see in my original post that manually deleting the keychain entry resolved the issue. Instructing users to delete the SSID from the keychain every time they update their password is not a long-term solution, though.
There must be a solution?
Posted on 02-20-2020 10:31 AM
I've been dealing with this issue for years. I've just made sure to plaster all password change notices (before and after) with instructions on how to fix keychain. I'd love a more automated solution.
Posted on 02-20-2020 12:28 PM
It is scriptable, just not (easily) in the context of the root user. Since Jamf Pro runs scripts as root, you can use sudo -u "$3" sh -c "command goes here" to execute something in the context of the user account passed into Jamf Pro (via Self Service, etc.). We used to do that fairly often to clear out Keychain entries for our non-Kerberized web proxy.
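The following is an added example of the root-to-user hop described in the last reply, not a script from the thread or from Jamf: a policy script that removes the cached 802.1X password for one SSID from the logged-in user's login keychain. It assumes Jamf passes the username as $3 and the SSID as script parameter $4, and that macOS stores the item under the service name built in eap_service_name.

```shell
#!/bin/sh
# Added example: clear a user's cached 802.1X credential for one SSID
# by running `security` as that user (sudo -u) from a root-run Jamf policy.
# Assumed: $3 = logged-in username (Jamf), $4 = SSID (policy parameter).
set -u

# Accept only plain account names so a policy parameter cannot smuggle
# shell metacharacters into a command that runs as root.
valid_name() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Service attribute assumed for the 802.1X password item of a given SSID.
eap_service_name() {
  printf 'com.apple.network.eap.user.item.wlan.ssid.%s\n' "$1"
}

# `security delete-generic-password` removes one match per call, so repeat
# until none remain. With DRY_RUN=1 the command is printed instead of run
# (so the logic can be checked off a Mac).
clear_eap_items() {
  user=$1; ssid=$2; removed=0
  svc=$(eap_service_name "$ssid")
  kc="/Users/$user/Library/Keychains/login.keychain-db"
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf 'sudo -u %s security delete-generic-password -s %s %s\n' \
      "$user" "$svc" "$kc"
    return 0
  fi
  while sudo -u "$user" security delete-generic-password -s "$svc" "$kc" \
        >/dev/null 2>&1; do
    removed=$((removed + 1))
  done
  echo "removed $removed 802.1X item(s) for SSID $ssid from $user's keychain"
}

main() {
  valid_name "$1" || { echo "refusing unsafe username: $1" >&2; return 1; }
  clear_eap_items "$1" "$2"
}

# Entry point: only runs when Jamf supplied a username ($3) and SSID ($4).
if [ -n "${3:-}" ] && [ -n "${4:-}" ]; then
  main "$3" "$4"
fi
```

After the item is gone, the next connection attempt prompts for credentials again, which is the behaviour the original poster saw after deleting the entry by hand.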