[SOLVED] Userside passwords change

[marijn]

We're using a pretty simple Zentyal 3.5 install here to authenticate our users to our NAS (nas4free) or their system. I force users to change their passwords every 3 months. But...

A couple of users is using a mobile account on their macbooks. They connect to the NAS with there Zentyal Active Directory account. But when the password is expired there is no way to reset the users password.
SSH to the server doesn't work because the logged-in user doesn't have a connection the the Zentyal LDAP itself. And changing the password via the webinterface doesn't work because it's not a admin.

How to fix this because i'm getting users at my desk the whole day Any suggestions?

[robb]

Maybe you can 'downgrade' to Zentyal 3.2 and use the usercorner.

[marijn]

Maybe, but downgrading doesn't look like a solution isn't it?

[robb]

Depends on what features you need. Personaly I would favor Zentyal 3.2 by far over Zentyal 3.5 or 4.0, because of the stability/maturity of Zentyal 3.2

[marijn]

Features currently using are all the parts for a domain controller in our case; Samba4, RADIUS, DNS and Jabber, no mail or something like that. And how "futureproof" is Zentyal 3.2 then for you?

[Gopher]

3 months is frankly ridiculous, all you're doing there is really annoying your users.
Password security needs to take account of the ease of breaking the password, and what a typical user can be expected to remember.
The most recent research I have read suggests that frequent password changes will encourage your users to use obvious passwords that are easy to guess or remember, or they compromise your security by writing it down on their phone or some other easily mislaid item like a postit.
I would instead focus on ensuring the passwords used are of a sensible length to make cracking them difficult.

[royceb]

IF your computers/users are on a domain then they can change their own passwords without issue.  Beyond that, you all have stated the obvious.

[robb]

Since Zentyal 3.2 also happens to be a commercial version, the module updates still get released, also for the community version.
Zentyal 3.2 is based on Ubuntu 12.02 so you are set until April 2017.

[marijn]

Sounds resonable to downgrade the machine. Also because version 4.0 is not usable for use because of the lack of radius. But after 2017.... 

[robb]

I take it that by that time you might need some new hardware and meanwhile, you have plenty of time searching for alternatives, or add a separate solution to fill in the dropped Zentyal modules.

[marijn]

True, maybe it's good that Zentyal 4.0 dropped some modules, in that case it could be easier to add modules myself.

Let's consider it as solved.

[Mittelerde]

hi there

..works maybe ?

the user press ctrl+alt+del
-> change password

[marijn]

Nope not the Mac OS X users that have a mobile account. Even ctrl+alt+delete doesn't work