A member joined to a schoolslave can not change its password. Server password change fails.
Errorcode 20: Make sure the Kerberos service is running or contact an administrator.
UCS4.4-8 errata 1134
In our actual documentation there is a bug. The memberserver must reside in the container server of the OU. Move the server and correct the UCR ldap/hostdn to the new place:
root@ucs:~# /usr/sbin/univention-directory-manager computers/memberserver move \ --dn "cn=<Memberservername>,cn=computers,ou=<OU-Name>,<$ldap_base>" \ --position "cn=server,cn=computers,ou=<OU-Name>,<$ldap_base>" root@ucs:~# ucr set ldap/hostdn="cn=<MemberName>,cn=server,cn=computers,ou=<OU-Name>,"$(ucr get ldap/base)
As the host dn has changed a restart of all services or a restart of the whole server is recommended.
Alternative you can deactivate the server password change on these machines: