User experiences an error, 'failed to change password' when trying to change his password.
Below was the entry that was showing up in var/log/hostd.log:
2018-07-05T22:39:17.954Z info hostd[FA81B70] [Originator@6876 sub=Solo.Vmomi opID=db0a2561 user=test] Throw vim.fault.NoPermission
2018-07-05T22:39:17.954Z info hostd[FA81B70] [Originator@6876 sub=Solo.Vmomi opID=db0a2561 user=test] Result:
--> (vim.fault.NoPermission) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> object = 'vim.Folder:ha-folder-root',
--> privilegeId = "Host.Local.ManageUserGroups"
As per the above snippet, we proceeded into the custom role that we had created and assigned the privilege --> Host>Local>ManageUserGroups. We then proceeded to update the password for the user and it worked perfectly.
This issue occurs, if the user who is attempting to change his password is not assigned with the required privilege.
Below are the steps to add the missing privilege to the user:
1. Login to the ESXi host web client with root credentials.
2. Select Manage
3. Click on Security & users tab and in the left page > Select Roles
4. Find and select the role that is assigned to the non-administrative user in question, and click on Edit role
5. From the list, scroll down and click on Host > then click on Local > then select or check mark, ManageUserGroups privilege and click on Save
The non-administrative user who has this role assigned should be able to update or change his password himself.
Note: Resetting passwords privilege for any user accounts still remain with the administrator/root user account.