Hi Lynn,

I just checked this in my lab setup:

- Set up a new user on the FreeIPA server as 'ipatest'.

- Logged in to a Linux client configured for FreeIPA, it prompted me to
change my password.

- Successfully changed my password for ipatest. Verified this on another

- Furthermore, I reset the "Password Policy" min lifetime to 0 and typed
passwd on one of the ipa clients while logged in as ipatest. This worked
without issue.

I also have FreeIPA set up in the lab with a domain trust to a 2008 R2 AD
server, so I checked to see if the results would be the same.

- Logged in to FreeIPA client machine as the AD user.

- Typed passwd, and successfully reset my password. Verified the change in
Windows as well as another IPA client.

All Linux systems in this test are running CentOS 6.4 x86_64
FreeIPA server is running ipa-server-3.0.0-26.el6_4.4.x86_64
FreeIPA clients are running ipa-client-3.0.0-26.el6_4.4.x86_64
AD Server is running Windows 2008 R2

This won't necessarily help with the OS X problem, but maybe it assists
with how it's working on Linux.


On Tue, Aug 6, 2013 at 8:25 PM, Lynn Root <lr...@redhat.com> wrote:

> On Aug 6, 2013, at 4:14 PM, KodaK <sako...@gmail.com> wrote:
> > On Tue, Aug 6, 2013 at 4:31 PM, Davis Goodman
> > <davis.good...@digital-district.ca> wrote:
> >> Hi,
> >>
> >> I have an FreeIPA server configured, managed to configure a Mountain
> Lion Client for automounts and user logins.
> >>
> >> My issue is that whenever I first login with a user the "New Password"
> box shows up and even if I try to change the password the box keeps
> reappearing without any success.
> >>
> >> If I log onto the machine with the local admin user and try to get a
> ticket for this user I get a "New Password" prompt. From there I can change
> the password and I get a ticket without an issue. After that I can login
> through the GUI without being asked for a new password.
> >>
> >> Anyone has seen this behaviour before?
> >
> > That's the expected behavior.  When you set the user's password as an
> > admin, it sets the "force a password change" flag.
> Correct me if I'm wrong, but it's not expect to *not* be able to change
> the password on an IPA client after the initial setup, and be forced to use
> the IPA Server to re-set the password.  Granted, the client is OSX.
> However, I personally have experience the inability to change a new user's
> password on an IPA client, and only on the IPA Server.  Unfortunately, I've
> been trying to reproduce this and I can not. I've tried on Fedora 19, and
> will try on RHEL next.
> Davis - Can you let me know your IPA Server and IPA Client versions? As
> well as the OS that the IPA Server is on?
> Also, out of curiosity, do you have directions on how you set up the
> client on Mac OSX?
> Thanks!
> Lynn Root
> Lynn Root
> @roguelynn
> Associate Software Engineer
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
Freeipa-users mailing list

Reply via email to