epoirier-dd
New Contributor II

Fortiauthenticator self serve password reset LDAP

Hi everyone,

 

I'm kind of very new to FortiAuthenticator. I am working on setting up one at a customer. I am having issues with the self serve portal (not the legacy one) for the password change.

I have set up both LDAPS and the FortiAuthenticator is joined to the domain (although documentation said I need only one of these, issue below was not working with only LDAPS).

When trying to change the password for my test user, whatever I put as new password, it doesn't want to take it. I have tried complex, short or long password or even simple ones, I always get the error message below.

[Screenshot: error message]

If anyone has any hints, that would be greatly appreciated.

4 REPLIES 4
Markus_M
Staff

Hi and welcome to the FortiAuthenticator.

First thing to check is the debug log that can be seen with https://fac-ip/debug/radius

There you find all sorts of authentication logs; these might help to see more details about the problem.

 

Best regards,

 

Markus

epoirier-dd
New Contributor II

Hi Markus, thanks for the reply!

I have looked in the RADIUS log, but I don't see anything when I try to change the password from the Self-Serve portal.

Additional note, I worked on getting SSL VPN working with the FortiAuthenticator via RADIUS authentication. I tested changing the password when connecting to VPN and that worked right away with the correct config. So this seems to be only related to the new self-serve portal capability to change an LDAP user.

warshad
Staff

Please try to reproduce the issue and check the RADIUS logs at https://fac-ip/debug/radius.

There should be some logs there. Please check and let us know.

 

Waqas Arshad
Fortinet
epoirier-dd
New Contributor II

Finally found the issue and it wasn't related to the FortiAuthenticator at all. I decided to test changing the password of my test account in a more regular way, to find out I was getting the same error. Turns out the customer domain password policy was set to a minimum password age of over 100 days. Tested with an old account and it was working fine.


Thanks for your hints.
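
The check behind this resolution, as an added example that is not part of the original thread: given the raw Active Directory attribute values `minPwdAge` (domain object) and `pwdLastSet` (user object), it reports whether a user-initiated password change is currently blocked by the minimum password age. The sample values and account names are constructed, and it assumes the default domain policy applies (no fine-grained password policy).

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
MICROSECOND = timedelta(microseconds=1)  # AD ticks are 100 ns; 10 ticks = 1 microsecond

def to_filetime(dt):
    """datetime -> FILETIME; used only to build the constructed samples below."""
    return (dt - FILETIME_EPOCH) // MICROSECOND * 10

def from_filetime(ft):
    """FILETIME (100-ns ticks since 1601-01-01 UTC) -> datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def check_min_age(pwd_last_set, min_pwd_age, now):
    """Return (allowed, earliest): can the user change the password at `now`?

    pwd_last_set: user's pwdLastSet (FILETIME; 0 = must change at next logon)
    min_pwd_age:  domain's minPwdAge (negative 100-ns tick count; 0 = no minimum)
    """
    if pwd_last_set == 0 or min_pwd_age == 0:
        return True, None
    min_age = timedelta(microseconds=abs(min_pwd_age) // 10)
    earliest = from_filetime(pwd_last_set) + min_age
    return now >= earliest, earliest

# Constructed sample values, not taken from the thread.
UTC = timezone.utc
NOW = datetime(2022, 6, 14, tzinfo=UTC)
MIN_PWD_AGE = -120 * 86400 * 10**7  # 120 days, stored the way AD stores it
SAMPLES = {
    "new-test-user": to_filetime(datetime(2022, 6, 10, tzinfo=UTC)),
    "old-account": to_filetime(datetime(2021, 1, 1, tzinfo=UTC)),
    "must-change-at-logon": 0,
}

if __name__ == "__main__":
    for name, pls in SAMPLES.items():
        allowed, earliest = check_min_age(pls, MIN_PWD_AGE, NOW)
        print(f"{name:22} allowed={allowed} earliest={earliest}")
```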
