Hi, our vpn is using Local authentication, is there any way to allow user update the password by themselves?
I have checked from here: https://openvpn.net/access-server-manua ... rmissions/
It seems it is possible with the setting of the CLient Web Server section, but I cant see it in on the GUI
Local Password
You can manage some password options for each user here. Enter the local password they will authenticate with when attempting to connect to the Access Server in the Password field. Below that, choose whether to allow password changes and/or enable password strength checking in the Client Web Server (CWS).
Allow password change from CWS:
Default = Inherit the group or global setting (defined in group permissions or in CWS settings).
Yes = user can change their password after logging in to the CWS.
No = user will not have an option to change their password and it must be managed by you or another administrator.
How to allow/enforce user to change their own password
-
_Alien
- OpenVpn Newbie
- Posts: 3
- Joined: Sun May 31, 2020 4:18 pm
-
Techie
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Apr 02, 2020 7:14 am
Re: How to allow/enforce user to change their own password
Login to Device using Admin Credentials. Navigate to Portals -> Domains -> Local Domains -> Click on Edit Configuration -> Enable Allow Password Change and Require Password change on next logon -> Click on Accept to save the configuration. Local user login will be prompted for changing the password.
-
novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: How to allow/enforce user to change their own password
Hello _Alien,
In OpenVPN Access Server, assuming you have a recent version, you can go to the Admin UI, and then to Configuration > CWS Settings. At the bottom are 2 toggles:
Allows Users to change their own password
Enforce strong passwords when changing
There is no FORCE user to change password on next login option yet.
This only works in authentication mode LOCAL where Access Server is in control of the credentials. If you use PAM, RADIUS, or LDAP, Access Server is not in control of the credentials and therefore then it won't work.
You can also set per user and per group this particular permission.
The user can login at the main web interface of Access Server where he/she can also download the OpenVPN Connect v2 or v3 software, and there will be a change password button there, if this function is enabled and the user is allowed to change his password.
In OpenVPN Access Server, assuming you have a recent version, you can go to the Admin UI, and then to Configuration > CWS Settings. At the bottom are 2 toggles:
Allows Users to change their own password
Enforce strong passwords when changing
There is no FORCE user to change password on next login option yet.
This only works in authentication mode LOCAL where Access Server is in control of the credentials. If you use PAM, RADIUS, or LDAP, Access Server is not in control of the credentials and therefore then it won't work.
You can also set per user and per group this particular permission.
The user can login at the main web interface of Access Server where he/she can also download the OpenVPN Connect v2 or v3 software, and there will be a change password button there, if this function is enabled and the user is allowed to change his password.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.