Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

802.1x Password Prompt Not Appearing After Authentication Failure

thaphucha
New here
Sunday
Sunday

802.1x Password Prompt Not Appearing After Authentication Failure

We're having trouble with our 802.1x setup on Meraki APs. When a user's AD password changes, and they try to connect with the old (saved) password, the authentication fails (Access-Reject from NPS). However, the BYOD devices don't prompt users to enter their new credentials and keep trying to reconnect with the outdated password. Only workaround right now is to delete the wifi-profil. Afterwards the user can connect to the ssid again with entering the new correct password

 

 

Current setup:

  • 802.1x (PEAP-MSCHAPv2)
  • Windows NPS as RADIUS
  • AD user authentication

Any advice to ensure devices prompt for new credentials after a failed auth?

0 Kudos
Subscribe
2 Replies 2
Brash
Kind of a big deal
Kind of a big deal
Sunday
Sunday

This is an expected behaviour for most clients.

This is one of the reasons many organisations utilize device certificates for WiFi authentication.

There are also some client-side MDM software/configuration options that can synchronize the login password with the Wifi adapter

Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
Monday
Monday

One novel solution I saw at a company was a powershell script they had written (and scheduled to run once a day) that checked the Active Directory attribute PwdLastSet for each user.  This attribute tells you when a user last changed their password.

 

They sent users who had recently changed their password an email to remind them.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.