On Tue, Aug 6, 2013 at 4:31 PM, Davis Goodman <davis.good...@digital-district.ca> wrote: > Hi, > > I have an FreeIPA server configured, managed to configure a Mountain Lion > Client for automounts and user logins. > > My issue is that whenever I first login with a user the "New Password" box > shows up and even if I try to change the password the box keeps reappearing > without any success. > > If I log onto the machine with the local admin user and try to get a ticket > for this user I get a "New Password" prompt. From there I can change the > password and I get a ticket without an issue. After that I can login through > the GUI without being asked for a new password. > > Anyone has seen this behaviour before?
That's the expected behavior. When you set the user's password as an admin, it sets the "force a password change" flag. I don't know anything aobut OSX, but there may be a way to configure the login GUI to deal with the password change correctly. Failing that, you can use a web based password change utility and let users do self service, or if you don't want that you can set up a special password administrator you can use that when it sets passwords it doesn't force a change (bad idea.) For setting up either, you need to do this: http://www.freeipa.org/page/PasswordSynchronization for the password change user. This is the web based password change utility I chose to use, but there are others -- or you can roll your own: http://ltb-project.org/wiki/documentation/self-service-password --Jason -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6 _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users