Mac Keychain password issues

Posted on 2013-12-24
Last Modified: 2013-12-27
In our network we have some Mac machines that are joined to Active Directory.
When there is an Active Directory password change for a user, then most of the time the login keychain password does not sync with the AD password, and Mac users will notice pop-ups asking them to enter their password each time.

I wonder if there is a way on the Mac to synchronize the login keychain password with the AD password.

I am not familiar with the Mac, so I have read about different solutions, but have not seen one that talks about just synchronizing the login keychain with the AD password.

Any help will be very much appreciated.

Thank you
Question by:jskfan
LVL 53

Assisted Solution

by:strung
strung earned 125 total points
ID: 39739102
There are several solutions suggested here:

https://groups.google.com/forum/#!topic/macenterprise/b2xZttuVkPk

including user education, a terminal command to ensure users are reminded to sync their keychain, and a third-party application called Keychain Minder Tools.
 
LVL 29

Assisted Solution

by:serialband
serialband earned 375 total points
ID: 39740886
Generally, if you change your account password from the Mac, it will also update the Keychain.  Mac users should just make password changes on their Macs.  Don't ever have them change it on another system.
 

Author Comment

by:jskfan
ID: 39740926
<<Generally, if you change your account password from the Mac>>

When the password expires in AD, Mac users will call the administrator, who will change it for them in AD. Then Mac users will be able to log in, but they will keep getting pop-ups to enter the password for each application they launch. It means something is out of sync somewhere.
 
LVL 29

Assisted Solution

by:serialband
serialband earned 375 total points
ID: 39740979
Then you need to send a password expiration reminder to your Mac Users so they don't get into that situation.  Once they do, your tech support should keep them on the phone and have them start their Keychain Access app to change their keychain password at that time, while they still remember their previous password.

There's an ugly work-around for this, and that's to get them off wired Ethernet.  Mac wireless connections are disabled until you log in.  They'll be able to use their old password to log into their Mac until they change it and force the cache to update, which will then also update the keychain password.  While they'll still be able to log in with the old password, the new password is needed to connect to file shares and other services.
 

Author Comment

by:jskfan
ID: 39740992
<<<Then you need to send a password expiration reminder to your Mac Users so they don't get into that situation.  Once they do, your tech support should keep them on the phone and have them start their Keychain Access app to change their keychain password at that time, while they still remember their previous password>>>.


How do they change the keychain password after the administrator has changed the AD password for them and communicated it to them?
 
LVL 29

Accepted Solution

by:serialband
serialband earned 375 total points
ID: 39741005
Have them start Keychain Access.app in /Applications/Utilities/

Once Keychain Access has started, go to Edit --> Change Password for Keychain Login.

It will prompt for the old password and the new password.  The user should enter the old password and whatever new password your admin has set the account to.
 

Author Closing Comment

by:jskfan
ID: 39742261
Thank you