Automatic update/change of computer account password

jolentes · March 2, 2021, 12:32pm

Hello,
we have several LinuxMint desktops Linux servers (CentOS, Ubuntu) that are integrated into the UCS LDAP domain following the instructions in the documentation.

On a regular base we then have the problem that the computer account password in the domain expires and logins stop working. Since we use SSSD caching most often only after a password change of a user.

For UCS servers there is a description how this is automatically handled and can also be triggered manually.

But how do I do this with non-UCS systems? I could not find any documentation or example.

BR,
Jörn

jolentes · March 10, 2021, 10:16am

Nobody else run into this problem?

pixel · March 11, 2021, 7:14am

Hi,

I’m not sure if the instructions you linked are still up to date. We all work with Linuxmit desktops here and also have some non-UCS servers (Ubuntu-based).

For all of them I have the script:

for the ADS join and have never had the problem you describe.

Alternatively, the Ubuntu UCS join is available. I cannot say whether this works on Linuxmint.

with best
sven

jolentes · March 11, 2021, 10:37am

Hi Sven,
Thanks for your response. I had a look at your script and into realmd. The big difference to the documentation I linked is that with UCS realmd uses the AD connector instead of LDAP connector.

But we rely on some LDAP features that I did not find equivilents to on the AD connector like the LDAP sudo rules.

I would like to hear a comment from Univention staff on this topic since our setup follows the official documentation.
Which LDAP attribute is checked for computer accounts during bind for expiry?

BR,
Jörn

jolentes · March 11, 2021, 10:39am

just saw that this was posted 2h ago: Q&A: Can I deactivate the server-password-change

Does this disable the password change requirement for computer accounts?