Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Adonist
New Contributor

Allow local users to change password

Is it possible to allow local users that use SSL VPN to change their own password?

I've tried through the SSLVPN web portal but it doesn't give me an option. I don't want to buy Forti Authenticator just for that.

I found some documents on how to create a password policy to force the change every X amount of days but now how to allow the users to change it themselves.

 

7 REPLIES 7
Elthon_Abreu
Contributor

check this out: [link]https://forum.fortinet.com/tm.aspx?m=166963#166975[/link]

Elthon Abreu FCNSA v5

Elthon Abreu FCNSA v5
tmelton

to me this is a feature that should already be there.

I need to allow local users to change their password after login.

I'll assign them a generic password for the first login and then force a password change after they connect.

 

 

Tim Melton

Cimtel

System Administrator/DBA

Tim Melton Cimtel System Administrator/DBA
kenneth_andersen

Hi,

 

i ran into this too - local users for VPN access, generic passwords to begin with

and a customer wish, to have them force change the password on first logon.

 

Any luck getting this solved?

 

/Kenneth

kenneth_andersen

Hmmrf..!

 

Doing a test using the password policy did get me some of the way.

I performed a test, to see how the expiration warning looked like, setting a password policy for expire 30 and warn 30, so that the password would live 30 days, and i would start receiving the warning immediately.

 

Result was that i immediately received a warning - true. But the word of the warning is:

"your password has expired"

followed by 2 fields to enter a new password.

... no option to skip this for another time

 

so now, even tho expire timer was set to 30 days ahead, the warn timer seemed to force the user to a password reset before connecting.

 

I've set the warn-timer to 29 days now, and tomorrow i'll see if this simply is a bug when both timers are identical.

Warning should be a heads up to the user, that you now have xx days left to reset your password, in my humble opinion.

 

(i should mention, i'm running a 100F at Firmware 6.4.0 build 6025 (GA))

 

/Kenneth

tmelton

I bypassed the problem by using LDAP and connecting to my domain server.

So I did not look into it further.

Tim Melton

Cimtel

System Administrator/DBA

Tim Melton Cimtel System Administrator/DBA
kenneth_andersen

Hmm i quickly googled onwards, and found this one:

https://www.fortinetguru.com/2020/01/ssl-vpn-with-local-user-password-policy/

 

rmreddy
Staff
Staff

Hi, you can use the below link to change the password, users can change the password by themselves.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Password-expiration-policy-for-SSL-VPN-loc...

Labels
Top Kudoed Authors