The setup is as follows:
-The users use FortiClient 5.4 to connect to the FG (running 5.4.4) through SSL VPN.
-The users is authenticated by AD (Windows 2008 R2) using LDAPS.
-The users can successfully authenticated, and change their passwords (if the passwords are expired, or the user account has to change the password at next login).
The problem is, if the user is configured to use two-factor authentication (FortiToken), the user can login but cann't change his password and get "Permission denied (-455)" error, as follows:
-The user is asked to enter his username/password.
-Then is asked to enter the new password.
-Then get the above error message.
-In the AD, nothing change.
Could anyone help me in resolving this issue?