cancel
Showing results for 
Search instead for 
Did you mean: 

Wireless 802.1x fails after credentials updated

Here to help

Wireless 802.1x fails after credentials updated

I realize this is unlikely to be a Meraki specific issue, however, hoping someone in this community may have a recommended solution.

We recently implemented 802.1x in our environment and have just noticed an issue. When a user updates their directory password (OKTA), instead of the Mac prompting the user for a new password, authentication fails with an obscure message, see attached.

We have Meraki AP's and we are using Foxpass radius server which delegates authentication to OKTA. I'm not sure if this set up is a factor.

If I manually delete the Keychain entry, the authentication prompt comes back as expected and I am able to enter my updated password and connect as usual.

 

Screen Shot 2019-02-15 at 2.00.25 PM.png

2 REPLIES 2
Kind of a big deal

Re: Wireless 802.1x fails after credentials updated

I don't see how you can resolve that one.  The WiFi autrhentication sends back a yes/no response.  The Mac has no way of knowing if a "no" is because of a password change or not.

 

You could consider changing over to certificate based authentication (no more passwords, problem solved).

Highlighted
Here to help

Re: Wireless 802.1x fails after credentials updated

Thanks for the suggestion @PhilipDAth 

I'll look into certificate based radius.  To clarify though, is this a limitation on every radius server with username/password auth? or specifically foxpass?  I seem to recall in a past implementation using MS Radius, that users were prompted for new credentials after a password change?

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Points Contest
Join us for a month-long contest with heaps of swag to win!

Learn More ›