Philippe, We have done some testing in the past on 10.5 and early 10.6, and found that when 802.1x was enabled, we were unable to connect to another SSID on the network until 802.1x was turned off.
That stopped us from being able to use our Xpressconnect to do this. Have you had any experience with this? On the whole topic, we have run into the same issue with 10.5 and 10.6 not prompting when password changed, and like above, we had to disable 802.1x completely and let the Mac finally remediate itself before we could connect and get an IP address. Scott From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Hanset, Philippe C Sent: Thursday, August 04, 2011 11:15 PM To: [email protected] Subject: Re: [WIRELESS-LAN] MacOS Lion & Wireless Password Resets Ryan, We have a 6 months password change policy for users with regular access and a 2 months password change policy for users with sensitive access. So far, it has been a "nightmare" for Macs (10.5, 10.6,...) on our 802.1x network. EAP-TLS or change the mind of the security office have been the options that I have considered... Xpressconnect could help if users are willing to switch back to another SSID, and run Xpressconnect every time they change their password. Philippe Univ. of TN On Aug 4, 2011, at 5:01 PM, Holland, Ryan C. wrote: I have finally got my hands on MacOS 10.7 (lion) and have started running it through wireless tests. One item I find very worrisome is this: - Via WPA2-Enterprise (PEAP/MSCHAPv2), I connect to the SSID using username & password1; these credentials are then stored in the keychain - If I change my password to, say, "password2", then the next time I connect, the Mac fails authentication It seems that the Mac, if failing authentication, never prompts for the username & password to be reentered. Our university is soon to roll-out and enforce a 90-day password policy, and I am concerned that users will be unable to authenticate and forced to remove the password from their keychain. Have any of you run into this similar issue? If so, how do handle this behavior? (I don't recall it being this way in MacOS 10.6 or 10.5) ========== Ryan Holland Network Engineer, Wireless Office of the Chief Information Officer The Ohio State University 614-292-9906 [email protected] Submit a Kudos to an OCIO employee! <http://www.surveygizmo.com/s/514095/giveociokudos> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
