Meraki

Community

Wireless 802.1x fails after credentials updated

Ben83
Here to help
‎Feb 15 2019 1:03 PM
‎Feb 15 2019 1:03 PM

Wireless 802.1x fails after credentials updated

I realize this is unlikely to be a Meraki specific issue, however, hoping someone in this community may have a recommended solution.

We recently implemented 802.1x in our environment and have just noticed an issue. When a user updates their directory password (OKTA), instead of the Mac prompting the user for a new password, authentication fails with an obscure message, see attached.

We have Meraki AP's and we are using Foxpass radius server which delegates authentication to OKTA. I'm not sure if this set up is a factor.

If I manually delete the Keychain entry, the authentication prompt comes back as expected and I am able to enter my updated password and connect as usual.

 

Screen Shot 2019-02-15 at 2.00.25 PM.png

0 Kudos
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 15 2019 2:04 PM
‎Feb 15 2019 2:04 PM

I don't see how you can resolve that one.  The WiFi autrhentication sends back a yes/no response.  The Mac has no way of knowing if a "no" is because of a password change or not.

 

You could consider changing over to certificate based authentication (no more passwords, problem solved).

0 Kudos
In response to PhilipDAth
Ben83
Here to help
‎Feb 19 2019 7:27 AM
‎Feb 19 2019 7:27 AM

Thanks for the suggestion @PhilipDAth 

I'll look into certificate based radius.  To clarify though, is this a limitation on every radius server with username/password auth? or specifically foxpass?  I seem to recall in a past implementation using MS Radius, that users were prompted for new credentials after a password change?

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.