Description | This article describes the requirements for an LDAP password change.
Windows AD users can change their own passwords without a Windows AD system administrator having to make provisioning changes to the network.
There are three ways FortiAuthenticator supports a password change: RADIUS login, GUI user login, and GUI user portal.
RADIUS login: For the method to work, ALL the following conditions must be met:
- FortiAuthenticator has joined the Windows AD domain.
A 'change password' response that FortiAuthenticator recognizes is produced, which allows the NAS and the Windows AD server to cooperate so that the password is changed.
GUI user login: For this method to work, ONE of the following conditions must be met:
- FortiAuthenticator has joined the Windows AD domain.
Log in via the GUI portal. FortiAuthenticator validates the user password against a Windows AD server. If the Windows AD server returns a change password response, the user is prompted to enter a new password.
GUI user portal: For this method to work, ONE of the following conditions must be met:
- FortiAuthenticator has joined the Windows AD domain.
After successfully logging into the GUI, the user has access to the user portal. If desired, the user can change their password in the user portal. |
Scope | FortiAuthenticator 6.X |
Solution |
Joining the domain instead of using LDAPS covers all three use cases: RADIUS login, GUI user login, and GUI user portal.
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.