Description | This article describes how to change an LDAP password when the FortiAuthenticator Windows Agent is installed with mobile push notification. |
Scope | How LDAP users can change their LDAP password using push notification when the FAC Windows Agent is installed. |
Solution |
This article assumes that the FortiAuthenticator Agent is already installed and communicating with FortiAuthenticator. If not, check the article and guide below: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/bb02bb94-dbf0-11ea-96b9-005056...
FAC ==== PC(FAC Agent)
Prerequisites:
FortiAuthenticator.
- Create remote LDAP server connection (domain admin user used as bind username).
The following log messages should appear in the Agent logs after changing the password:

2021-12-21 18:00:59,355 [3016|31|DEBUG] : [Credential.cpp:2129] Credential::GetOfflineCachePath: Offline Cache Path: C:\Program Files\Fortinet\FortiAuthenticator Agent\Offline\LABDC\tuser1
2021-12-21 18:00:59,371 [3016|32|DEBUG] : [Credential.cpp:1112] Credential::ReportResult ... Password change completed, resetting usage scenario.
2021-12-21 18:00:59,371 [3016| 8|DEBUG] : [Credential.cpp:1124] Credential::ReportResult: Password verified, perform post-logon actions

If the Domain Controller event logs are checked, an event 4723 is shown stating that the password has been changed.

Make sure 'Minimum password age' in the GPO under 'Password Policy' is set to 0 days.
|
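To confirm a password change from a collected Agent log without reading it by eye, the sketch below parses the line layout shown in the messages above and reports each 'Password change completed' entry together with whether a 'Password verified' line from the same process followed it. This is an added example, not Fortinet code; the function names are hypothetical, and it assumes the last two components of the offline cache path are the domain and the user.

```python
import re

# Layout of the Agent debug lines quoted in this article:
#   timestamp [pid|tid|LEVEL] : [source.cpp:line] message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<pid>\d+)\|\s*(?P<tid>\d+)\|(?P<level>\w+)\] : "
    r"\[(?P<src>[^\]:]+):(?P<line>\d+)\] (?P<msg>.*)$"
)
CACHE_MARK = "Offline Cache Path: "
CHANGED_MARK = "Password change completed"
VERIFIED_MARK = "Password verified"

# The three lines quoted in the article (the "..." is elided in the original).
SAMPLE_LOG = r"""
2021-12-21 18:00:59,355 [3016|31|DEBUG] : [Credential.cpp:2129] Credential::GetOfflineCachePath: Offline Cache Path: C:\Program Files\Fortinet\FortiAuthenticator Agent\Offline\LABDC\tuser1
2021-12-21 18:00:59,371 [3016|32|DEBUG] : [Credential.cpp:1112] Credential::ReportResult ... Password change completed, resetting usage scenario.
2021-12-21 18:00:59,371 [3016| 8|DEBUG] : [Credential.cpp:1124] Credential::ReportResult: Password verified, perform post-logon actions
"""

def parse_line(line):
    """Split one Agent log line into its fields, or return None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def password_change_events(log_text):
    """Return one record per completed password change found in the log."""
    events, last_account = [], {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # blank line or a line in another layout
        pid, msg = rec["pid"], rec["msg"]
        if CACHE_MARK in msg:
            # Assumption: the path ends in <DOMAIN>\<user>.
            parts = msg.split(CACHE_MARK, 1)[1].rstrip("\\").split("\\")
            last_account[pid] = "\\".join(parts[-2:])
        elif CHANGED_MARK in msg:
            events.append({"ts": rec["ts"], "pid": pid, "verified": False,
                           "account": last_account.get(pid)})
        elif VERIFIED_MARK in msg:
            # Confirm the most recent change logged by the same process.
            for ev in reversed(events):
                if ev["pid"] == pid:
                    ev["verified"] = True
                    break
    return events
```

A record with "verified" left False means the change was logged but the follow-up verification line never appeared, which is the case to compare against event 4723 on the Domain Controller.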
Copyright 2024 Fortinet, Inc. All Rights Reserved.