Hi Lynn,
I just checked this in my lab setup: - Set up a new user on the FreeIPA server as 'ipatest'. - Logged in to a Linux client configured for FreeIPA, it prompted me to change my password. - Successfully changed my password for ipatest. Verified this on another machine. - Furthermore, I reset the "Password Policy" min lifetime to 0 and typed passwd on one of the ipa clients while logged in as ipatest. This worked without issue. I also have FreeIPA set up in the lab with a domain trust to a 2008 R2 AD server, so I checked to see if the results would be the same. - Logged in to FreeIPA client machine as the AD user. - Typed passwd, and successfully reset my password. Verified the change in Windows as well as another IPA client. All Linux systems in this test are running CentOS 6.4 x86_64 FreeIPA server is running ipa-server-3.0.0-26.el6_4.4.x86_64 FreeIPA clients are running ipa-client-3.0.0-26.el6_4.4.x86_64 AD Server is running Windows 2008 R2 This won't necessarily help with the OS X problem, but maybe it assists with how it's working on Linux. Thanks, Brian On Tue, Aug 6, 2013 at 8:25 PM, Lynn Root <[email protected]> wrote: > > On Aug 6, 2013, at 4:14 PM, KodaK <[email protected]> wrote: > > > On Tue, Aug 6, 2013 at 4:31 PM, Davis Goodman > > <[email protected]> wrote: > >> Hi, > >> > >> I have an FreeIPA server configured, managed to configure a Mountain > Lion Client for automounts and user logins. > >> > >> My issue is that whenever I first login with a user the "New Password" > box shows up and even if I try to change the password the box keeps > reappearing without any success. > >> > >> If I log onto the machine with the local admin user and try to get a > ticket for this user I get a "New Password" prompt. From there I can change > the password and I get a ticket without an issue. After that I can login > through the GUI without being asked for a new password. > >> > >> Anyone has seen this behaviour before? > > > > That's the expected behavior. When you set the user's password as an > > admin, it sets the "force a password change" flag. > > Correct me if I'm wrong, but it's not expect to *not* be able to change > the password on an IPA client after the initial setup, and be forced to use > the IPA Server to re-set the password. Granted, the client is OSX. > > However, I personally have experience the inability to change a new user's > password on an IPA client, and only on the IPA Server. Unfortunately, I've > been trying to reproduce this and I can not. I've tried on Fedora 19, and > will try on RHEL next. > > Davis - Can you let me know your IPA Server and IPA Client versions? As > well as the OS that the IPA Server is on? > > Also, out of curiosity, do you have directions on how you set up the > client on Mac OSX? > > Thanks! > > Lynn Root > > > > Lynn Root > @roguelynn > Associate Software Engineer > > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
