On Tue, 2012-03-13 at 13:37 +0100, Dimitris Tsompanidis wrote: > Hi, > > I am deploying FreeIPA for the company I work for and it has been a good > experience so far, apart from the fact that users can not reset their > passwords throught the web UI. > > Users use Firefox to log into their accounts, they can update their > contact details just fine, but when they try to reset their passwords, > they get "Insufficient access: Invalid credentials". > At one point, I restarted FreeIPA and a couple of users were able to > reset their passwords but the rest of them keep getting the same error. > However, when users ssh to a Suse server running Krb5 against FreeIPA, > the password change works either by getting the "password expired" > notice or by running kpasswd. > My guess is that I do something wrong in the user-creation procedure or > that I missed something in the default policy that I should know. > > I could get over this by just using ssh for password resets but I'm > planning on activating business users' account in the near future and > ssh is definitely out of the question. > I should also point out that we're using FreeIPA only for authentication > on servers (SSH, Jira, etc) but not on the desktop machines and I'm > running FreeIPA 2.1.4-4 on Fedora16. > > Any comments are appreciated.
Sorry Dimitris, unfortunately this is currently a limitation with our webUI, password changes on password expiration do not work through the webUI, and that's the default state when you create and give a first password to new users. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
