+ Post New Thread
Results 1 to 12 of 12
Mac Thread, Keychain Issues in Technical; At our school, students login using their network login that is brought down from AD on the macs. When using ...
  1. #1

    Join Date
    Mar 2014
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Exclamation Keychain Issues

    At our school, students login using their network login that is brought down from AD on the macs.

    When using the internet on Safari, or any other browser for that matter, they are constantly prompted for their keychain credentials which becomes quite annoying.

    The option is there to reset their keychain, however it does not follow them around when the change Mac, which quite often students do inbetween lessons and therefore resetting keychains is not really the answer.

    I was just wondering if anyone had a solution for this, maybe so that the individuals keychain is pulled down from the server or something like this?

    Thanks.

  2. #2

    Join Date
    Sep 2011
    Location
    Blackpool, UK
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    This only happens when a user has changed their AD password or it has been changed for them. When the user logs on for the first after changing their password a splash box appears regarding their Keychain. The options are to Continue login, Create New Keychain or Update Keychain. If you don't click Create New Keychain then the Keychain will continually ask for the Keychain password which is the users OLD password as a new keychain hasn't been created with the new password.

    The only way to get rid of the keychain password popup box is to delete the login keychain in the Keychain Access app. Use spotlight to search Keychain Access then right click and delete the login keychain. The Mac will be forced to create a new keychain with the new password.

  3. #3

    Join Date
    Sep 2007
    Posts
    266
    Thank Post
    6
    Thanked 33 Times in 29 Posts
    Rep Power
    21
    sorry to bring up an old thread but do you need to do this for every user on the mac ? or just the admin account

    thanks

    Andy

  4. #4

    Join Date
    Sep 2011
    Location
    Blackpool, UK
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by woodham View Post
    sorry to bring up an old thread but do you need to do this for every user on the mac ? or just the admin account

    thanks

    Andy
    If the Mac is bound to Active Directory then it only affects the Managed users on the Mac. It won't affect the local Admin accounts on the Mac as they are not managed by Active Directory.

  5. #5

    Join Date
    May 2008
    Location
    Cheshire
    Posts
    299
    Thank Post
    49
    Thanked 27 Times in 24 Posts
    Rep Power
    19
    Are you using roaming profiles?
    System Preferences - Users and Groups - Login Options - Then go into Active Directory as if you are going to bind it to AD. Under show advanced options untick "Force local home directory on startup disk". This will allow the profiles to move with them.

  6. #6

    Join Date
    Sep 2007
    Posts
    266
    Thank Post
    6
    Thanked 33 Times in 29 Posts
    Rep Power
    21
    thanks that confirmed my nightmare,
    year 7's and 8's are usless at remembering there passwords so get changed on the pc's all the time,

    hence the keychain issue when they go into the mac suite for music there must be a solution to this.

    each mac can have in a week maybe 30 different users logged onto it so deleting all the keychains is going to be a nightmare

  7. #7

    Join Date
    May 2008
    Location
    Cheshire
    Posts
    299
    Thank Post
    49
    Thanked 27 Times in 24 Posts
    Rep Power
    19
    If you have the "Force local home directory on startup disk" unticked it then saves their profile (keychain) on their homedrive\Libraries.

  8. #8

    Join Date
    Sep 2007
    Posts
    266
    Thank Post
    6
    Thanked 33 Times in 29 Posts
    Rep Power
    21
    but would that help when they change there password in AD? as wed still have to delete them I wonder if theres a script that I can write/ aquire to delete all keychaing from user accounts?

  9. #9

    Join Date
    May 2008
    Location
    Cheshire
    Posts
    299
    Thank Post
    49
    Thanked 27 Times in 24 Posts
    Rep Power
    19
    https://jamfnation.jamfsoftware.com/...n.html?id=7562 there's a setting in there to hide prompts and you can use keychain minder to help make the process easier.
    I don't think there's an easy way to delete the keychain during login or logoff.

  10. #10

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 287 Times in 219 Posts
    Blog Entries
    1
    Rep Power
    176
    Quote Originally Posted by ValeAcademy View Post
    At our school, students login using their network login that is brought down from AD on the macs.

    When using the internet on Safari, or any other browser for that matter, they are constantly prompted for their keychain credentials which becomes quite annoying.

    The option is there to reset their keychain, however it does not follow them around when the change Mac, which quite often students do inbetween lessons and therefore resetting keychains is not really the answer.

    I was just wondering if anyone had a solution for this, maybe so that the individuals keychain is pulled down from the server or something like this?

    Thanks.

    Why not try Keychain Minder - Keychain Minder on Mavericks | Der Flounder

    The Keychain is prompting because the AD password has changed. The user is being asked for the previous password, not the current one. Keychain Minder allows you to provide users with a better message explaining what they need to do. You can also try using a logout script to delete the keychain, but generally keychain minder should work better.

    https://jamfnation.jamfsoftware.com/...on.html?id=685

  11. #11
    Mark182's Avatar
    Join Date
    Dec 2010
    Location
    Lancashire
    Posts
    228
    Thank Post
    47
    Thanked 38 Times in 33 Posts
    Rep Power
    15
    I’m having the same issue as above.
    Anyone any ideas how to get this working? :-
    Source https://jamfnation.jamfsoftware.com/...on.html?id=685
    add this to your logout hook

    ################################

    #Delete the Users Keychain

    echo Removing keychain

    rm ~/Library/Keychains/login.keychain


    #record this will a log file

    touch ~/Library/Login/Reset.rft

    echo "Done"

    Working for 10.9.4 OSX using AppleScript Editor?

    I’ve edited some of it down to this :-

    #Delete the Users Keychain

    echo delete

    rm /Library/Keychains/login.keychain
    Echo “Done

    But I’ve never created a script for my Macs. It seems to be getting stuck on the . in login.keychain I know in windows I could put “/Library/Keychains/login.keychain” but that doesn’t work.

    Just wondering if anyone could help / advise?

  12. #12

    Join Date
    May 2008
    Location
    Cheshire
    Posts
    299
    Thank Post
    49
    Thanked 27 Times in 24 Posts
    Rep Power
    19
    Are you still having issues with this? Because I've found ADPasMon works extremely well (better than Keychain Minder IMO). It also give you access to the code so you can modify it. I've modified it (to suit our needs) so it automatically deletes the keychain (if it's locked) and warns the user that the Mac will reboot when logging in.



SHARE:
+ Post New Thread

Similar Threads

  1. Keychain issues! ?
    By PRicho in forum Mac
    Replies: 1
    Last Post: 1st February 2008, 04:43 PM
  2. Squid issues new install
    By ChrisH in forum *nix
    Replies: 5
    Last Post: 10th November 2005, 04:09 PM
  3. Gentoo issues
    By _Bob_ in forum *nix
    Replies: 1
    Last Post: 31st October 2005, 03:29 PM
  4. Exchange 2003 and Server 2003 SP1 issue.
    By tosca925 in forum Windows
    Replies: 0
    Last Post: 21st August 2005, 11:32 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •