I just checked this in my lab setup:
- Set up a new user on the FreeIPA server as 'ipatest'.
- Logged in to a Linux client configured for FreeIPA, it prompted me to
change my password.
- Successfully changed my password for ipatest. Verified this on another
- Furthermore, I reset the "Password Policy" min lifetime to 0 and typed
passwd on one of the ipa clients while logged in as ipatest. This worked
I also have FreeIPA set up in the lab with a domain trust to a 2008 R2 AD
server, so I checked to see if the results would be the same.
- Logged in to FreeIPA client machine as the AD user.
- Typed passwd, and successfully reset my password. Verified the change in
Windows as well as another IPA client.
All Linux systems in this test are running CentOS 6.4 x86_64
FreeIPA server is running ipa-server-3.0.0-26.el6_4.4.x86_64
FreeIPA clients are running ipa-client-3.0.0-26.el6_4.4.x86_64
AD Server is running Windows 2008 R2
This won't necessarily help with the OS X problem, but maybe it assists
with how it's working on Linux.
On Tue, Aug 6, 2013 at 8:25 PM, Lynn Root <lr...@redhat.com> wrote:
> On Aug 6, 2013, at 4:14 PM, KodaK <sako...@gmail.com> wrote:
> > On Tue, Aug 6, 2013 at 4:31 PM, Davis Goodman
> > <davis.good...@digital-district.ca> wrote:
> >> Hi,
> >> I have an FreeIPA server configured, managed to configure a Mountain
> Lion Client for automounts and user logins.
> >> My issue is that whenever I first login with a user the "New Password"
> box shows up and even if I try to change the password the box keeps
> reappearing without any success.
> >> If I log onto the machine with the local admin user and try to get a
> ticket for this user I get a "New Password" prompt. From there I can change
> the password and I get a ticket without an issue. After that I can login
> through the GUI without being asked for a new password.
> >> Anyone has seen this behaviour before?
> > That's the expected behavior. When you set the user's password as an
> > admin, it sets the "force a password change" flag.
> Correct me if I'm wrong, but it's not expect to *not* be able to change
> the password on an IPA client after the initial setup, and be forced to use
> the IPA Server to re-set the password. Granted, the client is OSX.
> However, I personally have experience the inability to change a new user's
> password on an IPA client, and only on the IPA Server. Unfortunately, I've
> been trying to reproduce this and I can not. I've tried on Fedora 19, and
> will try on RHEL next.
> Davis - Can you let me know your IPA Server and IPA Client versions? As
> well as the OS that the IPA Server is on?
> Also, out of curiosity, do you have directions on how you set up the
> client on Mac OSX?
> Lynn Root
> Lynn Root
> Associate Software Engineer
> Freeipa-users mailing list
Freeipa-users mailing list