Originally my SA-4000 was running 5.3 code and password management worked. Upgraded to 5.5 OS and the login banner for password expiration stopped working (among other things), but users could still change their password under preferences.
In order to fix a network connect issue with 5.5, I upgraded to 6.1R2-1 (latest version). It seems to have restored my Password Expiration warning (still hasn't fixed my NC issue), but now it refuses to let the users change their password. So now when a user logs in and it says "Password Expired, you must change it" it won't let them. It just tells them "Could not change password".
I'm using LDAPS, the certs on my Auth servers are valid, and my CA is trusted by the IVE.
I'm not sure what else to do at this point.
Not sure if this is a bug in 6.1R2-1, but here is a URL that may help you troubleshoot this issue. If this doesn't help, you may want to contact the TAC and have them help debug your issue.
Seems that the IVE OSes are full of bugs. Every time I have one, the solution from Juniper is always to upgrade to another version. Then, it might fix it (most of the time it doesn't), and it breaks something else. I've had a case open with JTAC over Network Connect issues for almost a year and have upgraded and rolled back over 5 times to try and fix it. Started when I went to 5.3 and hasn't been right since.
Currently I am at 6.0R5.
Gentlemen, thanks for the info. I've always used the Administrator for the domain. It was set up like that by my predecessor.
I even tried other accounts, domain admins, users etc. No joy.
It worked in 5.5. Config didn't change between upgrades.