Problem: A member joined to a schoolslave can not change its password. Server password change fails

Problem

A member joined to a schoolslave can not change its password. Server password change fails.

Errorcode 20: Make sure the Kerberos service is running or contact an administrator.

Environment

UCS@school
UCS4.4-8 errata 1134

Solution

In our actual documentation there is a bug. The memberserver must reside in the container server of the OU. Move the server and correct the UCR ldap/hostdn to the new place:

root@ucs:~#  /usr/sbin/univention-directory-manager computers/memberserver move \
             --dn "cn=<Memberservername>,cn=computers,ou=<OU-Name>,<$ldap_base>" \
             --position "cn=server,cn=computers,ou=<OU-Name>,<$ldap_base>"
root@ucs:~# ucr set ldap/hostdn="cn=<MemberName>,cn=server,cn=computers,ou=<OU-Name>,"$(ucr get ldap/base)

As the host dn has changed a restart of all services or a restart of the whole server is recommended.

Alternative you can deactivate the server password change on these machines: