Solved

MAC Keychain password issues

Posted on 2013-12-24
7
3,656 Views
1 Endorsement
Last Modified: 2013-12-27
In our network we have some MAC machines that are joined to Active Directory.
When there is an Active directory password change for a user, then most of the time the login keychain password does not sync with AD password, and MAC users will notice those Popups to enter their password each time..

I wonder if there is a way in MAC to synchronize the login keychain password with AD password.

I am not familiar with MAC, so I have read about  different solutions, but have not seen one that talks about just synchronizing Login keychain with AD password.

Any help will be very much appreciated.

Thank you
1
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 53

Assisted Solution

by:strung
strung earned 125 total points
ID: 39739102
There are several solutions suggested here:

https://groups.google.com/forum/#!topic/macenterprise/b2xZttuVkPk

including user education, a terminal command to ensure users are reminded to sync their keychain and a third party application called Keychain Minder Tools.
0
 
LVL 29

Assisted Solution

by:serialband
serialband earned 375 total points
ID: 39740886
Generally, if you change your account password from the Mac, it will also update the Keychain.  Mac users should just make password changes on their Macs.  Don't ever have them change it on another system.
0
 

Author Comment

by:jskfan
ID: 39740926
<<Generally, if you change your account password from the Mac>>

when the password expires in AD, MAC users will call the administrator and will change it for them in AD, then MAC users will be able to login but they will keep getting Pop Ups to enter password for each application they launch. It means there is an out of sync somewhere .
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 29

Assisted Solution

by:serialband
serialband earned 375 total points
ID: 39740979
Then you need to send a password expiration reminder to your Mac Users so they don't get into that situation.  Once they do, your tech support should keep them on the phone and have them start their Keychain Access app to change their keychain password at that time, while they still remember their previous password.

There's an ugly work-around for this is and that's to get them off wired ethernet.  Mac wireless connections are disabled until you log in.  They'll be able to use their old password to log into their Mac until they change it and force the cache to update, which will then also update the keychain password.  While they'll still be able to login with the old password, the new password is needed to connect to file shares and other services.
0
 

Author Comment

by:jskfan
ID: 39740992
<<<Then you need to send a password expiration reminder to your Mac Users so they don't get into that situation.  Once they do, your tech support should keep them on the phone and have them start their Keychain Access app to change their keychain password at that time, while they still remember their previous password>>>.


How do they change the keychain password after the administrator has changed the AD password for them and communicate it to them ?
0
 
LVL 29

Accepted Solution

by:
serialband earned 375 total points
ID: 39741005
Have them start the KeyChain Access.app in /Applications/Utilities/

Once Keychain Access has started, go to Edit --> Change Password for Keychain Login.

It will prompt for the old password and the new password.  The use should enter the old password and whatever new password your admin has set the account to.
0
 

Author Closing Comment

by:jskfan
ID: 39742261
Thank you
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
A hard and fast method for reducing Active Directory Administrators members.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question