Koozali.org: home of the SME Server

h You don't have permission to access /user-password on this serverttps

Offline solom2i

  • 5
  • +0/-0
dear sme server 8.1

i'm using sme server 8.1 in the remote area. Then when someone try to change is password and  using this link "https://my-public -ip/user-password" he get  message like this:

Forbidden

You don't have permission to access /user-password on this server.


But in local area there is no problem. i feel that it'is a problem of access right when you are not in thr LAN.

Please can someone help me.


regards

guest22

Re: h You don't have permission to access /user-password on this serverttps
« Reply #1 on: December 21, 2014, 08:24:51 PM »
Hi and welcome,

in server manager, under remote access, you need to add a remote management network. This should be the public IP/Netmask of the user that want's to change the password. Once the password has changed, you want to remove the remote management IP again.

This is one of the default security features of SME Server.

Offline solom2i

  • 5
  • +0/-0
Re: h You don't have permission to access /user-password on this serverttps
« Reply #2 on: December 23, 2014, 09:21:09 PM »
i would like that all emails accounts owners use this link "https://server/user-password" to change their password everywhere they are

guest22

Re: h You don't have permission to access /user-password on this serverttps
« Reply #3 on: December 23, 2014, 09:35:25 PM »
A VPN connection is the only *secure* way to do that. There is a very unsecure way tho.

Offline solom2i

  • 5
  • +0/-0
Re: h You don't have permission to access /user-password on this serverttps
« Reply #4 on: December 23, 2014, 11:01:06 PM »
what is the unsecure way

guest22

Re: h You don't have permission to access /user-password on this serverttps
« Reply #5 on: December 23, 2014, 11:05:22 PM »
add 0.0.0.0/0.0.0.0 as a remote management network. This will open up server manager access to the world too.

So don't use it. BUT use it with a pre-defined time frame, during which you add the 0.0.0.0, and staff can change stuff, and close it after an hour or so.

You're on your own using this.

Offline solom2i

  • 5
  • +0/-0
Re: h You don't have permission to access /user-password on this serverttps
« Reply #6 on: December 23, 2014, 11:22:54 PM »
think you
i test your solution
it's well



Best regard