Wireless 802.1x fails after credentials updated

Here to help

Wireless 802.1x fails after credentials updated

I realize this is unlikely to be a Meraki specific issue, however, hoping someone in this community may have a recommended solution.

We recently implemented 802.1x in our environment and have just noticed an issue. When a user updates their directory password (OKTA), instead of the Mac prompting the user for a new password, authentication fails with an obscure message, see attached.

We have Meraki AP's and we are using Foxpass radius server which delegates authentication to OKTA. I'm not sure if this set up is a factor.

If I manually delete the Keychain entry, the authentication prompt comes back as expected and I am able to enter my updated password and connect as usual.


Screen Shot 2019-02-15 at 2.00.25 PM.png

Kind of a big deal
Kind of a big deal

I don't see how you can resolve that one.  The WiFi autrhentication sends back a yes/no response.  The Mac has no way of knowing if a "no" is because of a password change or not.


You could consider changing over to certificate based authentication (no more passwords, problem solved).

Thanks for the suggestion @PhilipDAth 

I'll look into certificate based radius.  To clarify though, is this a limitation on every radius server with username/password auth? or specifically foxpass?  I seem to recall in a past implementation using MS Radius, that users were prompted for new credentials after a password change?


Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.