Unable to reset password using User Account policy in 9.97

bbot
Contributor

On 8 out of 500 machines, I'm receiving errors when trying to reset passwords through the JSS. The password has a symbol, number, and lowercase. I'm trying to understand why 8 machines are receiving these errors while others are succeeding.

Worst case scenario, does anyone know of another way to reset passwords through terminal? I can SSH into their machines and reset it that way.

Executing Policy Reset macadmin password
Failed global policy "ProfilePayload:6XXXXDE-6734-479B-AXX4-05EXXX1C6E:requireAlphanumeric"
Error resetting the password for user macadmin

and

Executing Policy Reset macadmin password
Password change failed because password does not meet minimum quality requirements.
Error resetting the password for user macadmin

1 ACCEPTED SOLUTION

Chris
Valued Contributor

@bbot : Just ran into this.
Run

pwpolicy getaccountpolicies

to check if there's a password policy in place.
To clear it, run

pwpolicy clearaccountpolicies

After that I was able to change passwords again (locally and through Casper).
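
Added example (not part of the thread or of Jamf's tooling): a read-only check that lists the rule identifiers in `pwpolicy getaccountpolicies` output and tests whether the identifier named in the "Failed global policy" log line is among them, so the stale rule is confirmed and saved before anything is cleared. The plist layout with `policyIdentifier` keys is an assumption, and the function names, the sample output and the second identifier are constructed.

```shell
# Added example, not from the thread. Assumption: `pwpolicy getaccountpolicies`
# prints a plist in which each rule has <key>policyIdentifier</key> followed by
# a <string> element holding the identifier.

# Print one policyIdentifier per line from pwpolicy output on stdin.
list_policy_ids() {
    awk '/<key>policyIdentifier<\/key>/ { want = 1 }
         want && match($0, /<string>[^<]*<\/string>/) {
             print substr($0, RSTART + 8, RLENGTH - 17); want = 0 }'
}

# Print the identifier named in a "Failed global policy" log line on stdin.
failed_policy_id() {
    sed -n 's/.*Failed global policy "\([^"]*\)".*/\1/p'
}

# Succeed only if the identifier in log text $1 is among the rules in $2.
error_matches_local_policy() {
    id=$(printf '%s\n' "$1" | failed_policy_id | head -n 1)
    [ -n "$id" ] || return 1
    printf '%s\n' "$2" | list_policy_ids | grep -Fxq -- "$id"
}

# Constructed sample output; the first identifier is the redacted one from the thread.
sample_policy_output() {
    cat <<'EOF'
Getting global account policies
<plist version="1.0"><dict>
<key>policyCategoryPasswordContent</key><array>
<dict>
<key>policyContent</key>
<string>policyAttributePassword matches '(.*[a-zA-Z].*[0-9].*)|(.*[0-9].*[a-zA-Z].*)'</string>
<key>policyIdentifier</key>
<string>ProfilePayload:6XXXXDE-6734-479B-AXX4-05EXXX1C6E:requireAlphanumeric</string>
</dict><dict>
<key>policyContent</key>
<string>policyAttributePassword matches '.{8,}'</string>
<key>policyIdentifier</key>
<string>com.example.constructed.minLength</string>
</dict></array></dict></plist>
EOF
}

# On a Mac only: save the rules in force to a file for review, then list them.
if command -v pwpolicy >/dev/null 2>&1; then
    backup=$(mktemp /tmp/accountpolicies.XXXXXX)
    pwpolicy getaccountpolicies > "$backup" 2>&1 && list_policy_ids < "$backup"
fi
```

Because `pwpolicy clearaccountpolicies` removes every rule and not only the stale one, the saved copy records which password requirements need to be re-applied afterwards.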



bbot
Contributor

I've tried re-enrolling to Casper using the quickadd package but still no luck..

Anyone out there get similar errors when trying to reset the password? It seems like a configuration profile is stuck on their machine. I'm looking at the profile payload and it doesn't match up to the machine's profile list or anything we currently have active.

LRZ_Jamf
Contributor

Editing the Password of the Management account works here.

But "Password change failed because password does not meet minimum quality requirements." sounds like the user has set some password requirements that your specific password DOES NOT meet. Choose a more secure one.

bbot
Contributor

@LRZ_Jamf I agree, sounds like it doesn't meet the minimum quality requirements, but what's puzzling is that it works on the 492 other machines.

How can a user independently set password requirements on the local admin account that we administer?

Our new password is the same length, with symbols, numbers and letters as well.

SimonLovett
New Contributor III

There used to be a fault in a version or two of the JSS where you couldn't use certain symbols in a password. I thought it might have been fixed, but it might be worth your while just testing whether those machines will take a simple alphanumeric password like Upp3rAndL0w3rC453 ... in which case you might have to revise your password to avoid hitting whichever the dodgy symbol was...

bbot
Contributor

I ssh'd into one of the affected machines and tried to reset the password using "passwd" and got an "authentication token failure" error. Looks like there might be something funky going on with these machines.

bbot
Contributor

Tried resetting the password to something different to no avail.

Also tried deleting the account (successful), then recreated the account with a new password (successful), but now I can't log in with the account.

bbot
Contributor

@Chris This worked perfectly! Just curious, how did you find the solution to this? I spent hours looking for a resolution... Jamf support also wasn't able to find me a resolution.

Chris
Valued Contributor

I happened to know about pwpolicy, but it took me a few minutes to make the connection to the error message ;)