Automatic update/change of computer account password

Hello,
we have several LinuxMint desktops Linux servers (CentOS, Ubuntu) that are integrated into the UCS LDAP domain following the instructions in the documentation.

On a regular base we then have the problem that the computer account password in the domain expires and logins stop working. Since we use SSSD caching most often only after a password change of a user.

For UCS servers there is a description how this is automatically handled and can also be triggered manually.

But how do I do this with non-UCS systems? I could not find any documentation or example.

BR,
Jörn

Nobody else run into this problem?

Hi,

I’m not sure if the instructions you linked are still up to date. We all work with Linuxmit desktops here and also have some non-UCS servers (Ubuntu-based).

For all of them I have the script:

for the ADS join and have never had the problem you describe.

Alternatively, the Ubuntu UCS join is available. I cannot say whether this works on Linuxmint.

with best
sven

Hi Sven,
Thanks for your response. I had a look at your script and into realmd. The big difference to the documentation I linked is that with UCS realmd uses the AD connector instead of LDAP connector.

But we rely on some LDAP features that I did not find equivilents to on the AD connector like the LDAP sudo rules.

I would like to hear a comment from Univention staff on this topic since our setup follows the official documentation.
Which LDAP attribute is checked for computer accounts during bind for expiry?

BR,
Jörn

just saw that this was posted 2h ago: Q&A: Can I deactivate the server-password-change

Does this disable the password change requirement for computer accounts?

Mastodon