On Tue, 2012-03-13 at 13:37 +0100, Dimitris Tsompanidis wrote:
> I am deploying FreeIPA for the company I work for and it has been a good
> experience so far, apart from the fact that users can not reset their
> passwords throught the web UI.
> Users use Firefox to log into their accounts, they can update their
> contact details just fine, but when they try to reset their passwords,
> they get "Insufficient access: Invalid credentials".
> At one point, I restarted FreeIPA and a couple of users were able to
> reset their passwords but the rest of them keep getting the same error.
> However, when users ssh to a Suse server running Krb5 against FreeIPA,
> the password change works either by getting the "password expired"
> notice or by running kpasswd.
> My guess is that I do something wrong in the user-creation procedure or
> that I missed something in the default policy that I should know.
> I could get over this by just using ssh for password resets but I'm
> planning on activating business users' account in the near future and
> ssh is definitely out of the question.
> I should also point out that we're using FreeIPA only for authentication
> on servers (SSH, Jira, etc) but not on the desktop machines and I'm
> running FreeIPA 2.1.4-4 on Fedora16.
> Any comments are appreciated.
Sorry Dimitris, unfortunately this is currently a limitation with our
webUI, password changes on password expiration do not work through the
webUI, and that's the default state when you create and give a first
password to new users.
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list