On 03/13/2012 08:37 AM, Dimitris Tsompanidis wrote: > Hi, > > I am deploying FreeIPA for the company I work for and it has been a > good experience so far, apart from the fact that users can not reset > their passwords throught the web UI. > > Users use Firefox to log into their accounts, they can update their > contact details just fine, but when they try to reset their passwords, > they get "Insufficient access: Invalid credentials". > At one point, I restarted FreeIPA and a couple of users were able to > reset their passwords but the rest of them keep getting the same error. > However, when users ssh to a Suse server running Krb5 against FreeIPA, > the password change works either by getting the "password expired" > notice or by running kpasswd. > My guess is that I do something wrong in the user-creation procedure > or that I missed something in the default policy that I should know. > > I could get over this by just using ssh for password resets but I'm > planning on activating business users' account in the near future and > ssh is definitely out of the question. > I should also point out that we're using FreeIPA only for > authentication on servers (SSH, Jira, etc) but not on the desktop > machines and I'm running FreeIPA 2.1.4-4 on Fedora16. > > Any comments are appreciated. > Do you set the password for the user after you create user account using ipa passwd command?
-- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
