On Tue, 2012-03-13 at 13:37 +0100, Dimitris Tsompanidis wrote:
> Hi,
> I am deploying FreeIPA for the company I work for and it has been a good 
> experience so far, apart from the fact that users can not reset their 
> passwords throught the web UI.
> Users use Firefox to log into their accounts, they can update their 
> contact details just fine, but when they try to reset their passwords, 
> they get "Insufficient access: Invalid credentials".
> At one point, I restarted FreeIPA and a couple of users were able to 
> reset their passwords but the rest of them keep getting the same error.
> However, when users ssh to a Suse server running Krb5 against FreeIPA, 
> the password change works either by getting the "password expired" 
> notice or by running kpasswd.
> My guess is that I do something wrong in the user-creation procedure or 
> that I missed something in the default policy that I should know.
> I could get over this by just using ssh for password resets but I'm 
> planning on activating business users' account in the near future and 
> ssh is definitely out of the question.
> I should also point out that we're using FreeIPA only for authentication 
> on servers (SSH, Jira, etc) but not on the desktop machines and I'm 
> running FreeIPA 2.1.4-4 on Fedora16.
> Any comments are appreciated.

Sorry Dimitris, unfortunately this is currently a limitation with our
webUI, password changes on password expiration do not work through the
webUI, and that's the default state when you create and give a first
password to new users.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to