[Freeipa-users] Reset password in WebUI: Insufficient access: Invalid credentials
Dmitri Pal
dpal at redhat.com
Tue Mar 13 12:43:32 UTC 2012
On 03/13/2012 08:37 AM, Dimitris Tsompanidis wrote:
> Hi,
>
> I am deploying FreeIPA for the company I work for and it has been a
> good experience so far, apart from the fact that users can not reset
> their passwords throught the web UI.
>
> Users use Firefox to log into their accounts, they can update their
> contact details just fine, but when they try to reset their passwords,
> they get "Insufficient access: Invalid credentials".
> At one point, I restarted FreeIPA and a couple of users were able to
> reset their passwords but the rest of them keep getting the same error.
> However, when users ssh to a Suse server running Krb5 against FreeIPA,
> the password change works either by getting the "password expired"
> notice or by running kpasswd.
> My guess is that I do something wrong in the user-creation procedure
> or that I missed something in the default policy that I should know.
>
> I could get over this by just using ssh for password resets but I'm
> planning on activating business users' account in the near future and
> ssh is definitely out of the question.
> I should also point out that we're using FreeIPA only for
> authentication on servers (SSH, Jira, etc) but not on the desktop
> machines and I'm running FreeIPA 2.1.4-4 on Fedora16.
>
> Any comments are appreciated.
>
Do you set the password for the user after you create user account using
ipa passwd command?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list