pwm-project / pwm


FreeIPA - password change works only for users with "System: change user password" permission. #122

Open tennaen opened 7 years ago

tennaen commented 7 years ago

As mentioned above. When I am trying to reset the password for a user who has admin rights in IPA, there is no problem with the password change. When I do the same thing for a normal user, I get "LDAP: error code 50 - Insufficient 'write' privilege to the 'ipaNTHash' attribute". My proxy user has permissions to change passwords. I am using PWM 1.8.0.

zwolfinger commented 7 years ago

I have the same problem. Recently enabled ipaNTHash on the FreeIPA server so we could use RADIUS with MSCHAP on our switches.

ondj commented 6 years ago

This command works for me:

ipa selfservice-mod --attrs=ipaNTHash "Self can write own password"

This adds permission to edit one's own ipaNTHash field.
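
Added example, not part of the thread and not code from the PWM or FreeIPA projects: `ipa selfservice-mod --attrs` replaces the rule's attribute list rather than appending to it, so the rule's existing attributes have to be passed again together with ipaNTHash. The helper name `build_selfservice_mod` is hypothetical and the `ipa selfservice-show` output below is a constructed sample; the helper only prints the command for review and does not run it.

```shell
#!/bin/sh
# Build an `ipa selfservice-mod` command that keeps a rule's existing
# attributes and appends one more. Reads `ipa selfservice-show` output on stdin.
# build_selfservice_mod is a hypothetical helper, not a FreeIPA command.
build_selfservice_mod() {
    rule=$1
    new_attr=$2
    # Take the "Attributes:" line, split on commas, trim blanks, drop empties.
    existing=$(sed -n 's/^[[:space:]]*Attributes:[[:space:]]*//p' | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d')
    if [ -z "$existing" ]; then
        # Without the current list we would silently drop attributes.
        echo "no Attributes line found; refusing to build a command" >&2
        return 1
    fi
    cmd="ipa selfservice-mod"
    seen_new=0
    want=$(printf '%s' "$new_attr" | tr 'A-Z' 'a-z')
    for a in $existing; do
        cmd="$cmd --attrs=$a"
        # LDAP attribute names are case-insensitive, so compare lowercased.
        if [ "$(printf '%s' "$a" | tr 'A-Z' 'a-z')" = "$want" ]; then
            seen_new=1
        fi
    done
    # Append the new attribute only if the rule does not already list it.
    [ "$seen_new" -eq 1 ] || cmd="$cmd --attrs=$new_attr"
    printf '%s "%s"\n' "$cmd" "$rule"
}

# Constructed sample of `ipa selfservice-show "Self can write own password"`
# output; on a real server, pipe the live command output in instead.
SAMPLE_SHOW='  Self-service name: Self can write own password
  Permissions: write
  Attributes: userpassword, krbprincipalkey, sambalmpassword, sambantpassword'

printf '%s\n' "$SAMPLE_SHOW" |
    build_selfservice_mod "Self can write own password" ipaNTHash
```

Compare the printed command against the rule's current attribute list before running it on the IPA server.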