<div dir="ltr"><div>Hi Lynn,</div><div><br></div><div><br></div>I just checked this in my lab setup:<div><br><div>- Set up a new user on the FreeIPA server as 'ipatest'. </div><div><br></div><div>- Logged in to a Linux client configured for FreeIPA, it prompted me to change my password. </div> </div><div><br></div><div>- Successfully changed my password for ipatest. Verified this on another machine.</div><div><br></div><div>- Furthermore, I reset the "Password Policy" min lifetime to 0 and typed passwd on one of the ipa clients while logged in as ipatest. This worked without issue.</div> <div><br></div><div>I also have FreeIPA set up in the lab with a domain trust to a 2008 R2 AD server, so I checked to see if the results would be the same.</div><div><br></div><div>- Logged in to FreeIPA client machine as the AD user.</div> <div><br></div><div>- Typed passwd, and successfully reset my password. Verified the change in Windows as well as another IPA client.</div><div><br></div><div>All Linux systems in this test are running CentOS 6.4 x86_64</div> <div>FreeIPA server is running ipa-server-3.0.0-26.el6_4.4.x86_64</div><div>FreeIPA clients are running ipa-client-3.0.0-26.el6_4.4.x86_64</div><div>AD Server is running Windows 2008 R2</div><div><br></div><div>This won't necessarily help with the OS X problem, but maybe it assists with how it's working on Linux.</div> <div><br></div><div>Thanks,</div><div>Brian</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Aug 6, 2013 at 8:25 PM, Lynn Root <span dir="ltr"><<a href="mailto:lroot@redhat.com" target="_blank">lroot@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br> On Aug 6, 2013, at 4:14 PM, KodaK <<a href="mailto:sakodak@gmail.com">sakodak@gmail.com</a>> wrote:<br> <br> > On Tue, Aug 6, 2013 at 4:31 PM, Davis Goodman<br> > <<a href="mailto:davis.goodman@digital-district.ca">davis.goodman@digital-district.ca</a>> wrote:<br> >> Hi,<br> >><br> >> I have an FreeIPA server configured, managed to configure a Mountain Lion Client for automounts and user logins.<br> >><br> >> My issue is that whenever I first login with a user the "New Password" box shows up and even if I try to change the password the box keeps reappearing without any success.<br> >><br> >> If I log onto the machine with the local admin user and try to get a ticket for this user I get a "New Password" prompt. From there I can change the password and I get a ticket without an issue. After that I can login through the GUI without being asked for a new password.<br> >><br> >> Anyone has seen this behaviour before?<br> ><br> > That's the expected behavior. When you set the user's password as an<br> > admin, it sets the "force a password change" flag.<br> <br> </div>Correct me if I'm wrong, but it's not expect to *not* be able to change the password on an IPA client after the initial setup, and be forced to use the IPA Server to re-set the password. Granted, the client is OSX.<br> <br> However, I personally have experience the inability to change a new user's password on an IPA client, and only on the IPA Server. Unfortunately, I've been trying to reproduce this and I can not. I've tried on Fedora 19, and will try on RHEL next.<br> <br> Davis - Can you let me know your IPA Server and IPA Client versions? As well as the OS that the IPA Server is on?<br> <br> Also, out of curiosity, do you have directions on how you set up the client on Mac OSX?<br> <br> Thanks!<br> <br> Lynn Root<br> <span class="HOEnZb"><font color="#888888"><br> <br> <br> Lynn Root<br> @roguelynn<br> Associate Software Engineer<br> </font></span><div class="HOEnZb"><div class="h5"><br> <br> <br> _______________________________________________<br> Freeipa-users mailing list<br> <a href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br> </div></div></blockquote></div><br></div>