Q: AD-bound Macs not connecting to captive portal WiFi
I recently took a position at an up-and-coming company and have quickly become the enterprise "Mac Guy". This entails personal support of our Execs and Sales department, as they are the sole users of Macs in our company. We (obviously) run a domain with AD, but have no Mac Servers. The issue I am coming across is that all of our Macs are laptops, and are mobile. The computers are required to be bound to our domain (we are required to be HIPAA compliant); however, when the computers go off site and have to connect to a captive portal to connect to a public WiFi (Hilton, McDonalds, Sky Lounges, etc.), the connection cannot be made because the captive portal is never provided for authentication. However, if the gateway can be determined, they can SOMETIMES manually enter the IP address in the address bar and get the portal. We do not force any DNS or IP addresses on any WiFi connections. Open WiFi networks without a captive portal (home, other offices, etc.) work fine. The big bombshell... If I unbind the computer from the domain, captive portals then work just fine, and there is much rejoicing.
So, my issue is that we HAVE to have these computers bound to our domain, if for nothing more than forcing password expiration (I don't think AD does much more for a Mac than this anyway), and remain HIPAA compliant, but I am willing to use a different method of managing passwords if there are other options out there.
My ultimate questions are:
* Do you know WHY a bound computer would not connect to a captive portal? (I have been able to find zero information anywhere online)
* If it's a "bug", and I do need to unbind them, do you know if there is a way to force password resets/manage passwords on OS X? (I am willing to consider standing up a Mac Server if necessary)
Posted on Feb 23, 2016 5:56 AM