Trying to find way to diagnose how / why a specific keychain entry is getting overwritten for a few of my users.
The symptom is that the user(s) complains that they are being asked for a Wifi password to our corporate network. This is being pushed by a JAMF policy. However for one user I remove MDM and re-added. I see the keychain correctly getting added with correct value but shortly afterwards the actual password in the Keychain was changed by something to an incorrect value. User can access the Wifi until the machine sleeps and need to reconnect, at which point they get asked for password.
I have gone through configuration profiles and policies and do not see anything that should change (apart from Wireless push).
Are there good ways to enable debugging or auditing so I can track what is making this change. Either JAMF is overwriting or an iCloud sync.
Thoughts? Suggestions?
