Wireless 802.1x fails after credentials updated

Ben83
Here to help


I realize this is unlikely to be a Meraki-specific issue; however, I'm hoping someone in this community may have a recommended solution.

We recently implemented 802.1x in our environment and have just noticed an issue. When a user updates their directory password (Okta), instead of the Mac prompting the user for a new password, authentication fails with an obscure message (see attached).

We have Meraki APs and we are using a Foxpass RADIUS server, which delegates authentication to Okta. I'm not sure if this setup is a factor.

If I manually delete the Keychain entry, the authentication prompt comes back as expected and I am able to enter my updated password and connect as usual.

 

Screen Shot 2019-02-15 at 2.00.25 PM.png

2 Replies
PhilipDAth
Kind of a big deal

I don't see how you can resolve that one. The WiFi authentication sends back a yes/no response. The Mac has no way of knowing if a "no" is because of a password change or not.

 

You could consider changing over to certificate-based authentication (no more passwords, problem solved).

Thanks for the suggestion @PhilipDAth 

I'll look into certificate-based RADIUS. To clarify though, is this a limitation on every RADIUS server with username/password auth, or specifically Foxpass? I seem to recall in a past implementation using MS RADIUS that users were prompted for new credentials after a password change?

 
