Hi everyone,
I'm kind of very new to FortiAuthenticator. I am working on setting up one at a customer. I am having issues with the self serve portal (not the legacy one) for the password change.
I have setup both LDAPS and the FortiAuthenticator is joined to the domain (although documentation said I need only one of these, issue below was not working with only LDAPS).
When trying to change the password for my test user, whatever I put as new password, it doesn't want to take it. I have tried complex, short or long password or even simple ones, I always get the error message below.
If anyone have any hint, that would be greatly appreciated.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Finally found the issue and it wasn't related to the FortiAuthenticator at all. I decided to test changing the password of my test account on a more regular way, to find out I was getting the same error. Turns out the customer domain password policy was set to a minimum password age of over 100 days. Tested with an old account and it was working fine
Thanks for your hints.
Hi and welcome to the FortiAuthenticator.
First thing to check is the debug log that can be seen with https://fac-ip/debug/radius
There you find all sorts of authentication logs; these might help to see more details about the problem.
Best regards,
Markus
Hi Markus, thanks for the reply!
I have looked into in the radius log, but I don't see anything when I try to change the password from the Self-Serve portal.
Additional note, I worked on getting SSL VPN working with the FortiAuthenticator via RADIUS authentication. I tested changed the password when connecting to VPN and that worked right away with the correct config. So this seems to be only related to the new self-serve portal capability to change a LDAP user.
Please try to reproduce the issue and check the radius logs https://fac-ip/debug/radius.
There should some logs there. Please check and let us know.
Finally found the issue and it wasn't related to the FortiAuthenticator at all. I decided to test changing the password of my test account on a more regular way, to find out I was getting the same error. Turns out the customer domain password policy was set to a minimum password age of over 100 days. Tested with an old account and it was working fine
Thanks for your hints.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.