Wiederherstellen des Administrator-Account

Hoff · May 18, 2006, 12:21pm

Der Administrator-Account kann durch das Kommandozeilen-Programm univention-admin wiederhergestellt werden, wenn dieser gelöscht wurde.

Führen Sie dazu in der Kommandozeile des Domaincontroller-Master die folgenden beiden Kommandos aus.

eval `univention-baseconfig shell ldap/base`
univention-admin users/user create --position cn=users,$ldap_base --set \
  username=Administrator --set lastname=Administrator --set password=univention \
  --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-reference \
  cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base

khampasith · October 20, 2018, 9:36am

Hi
I try but does’t work

khampasith · October 22, 2018, 7:30am

root@email:~# univention-admin users/user create --position cn=users,$ldap_base                                  --set
option --set requires argument
root@email:~# username=management --set lastname=Administrator --set password=un                                 ivention
-bash: --set: command not found
root@email:~# --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-refe                                 rence
-bash: --set: command not found
root@email:~# cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base

Moritz_Bunkus · October 22, 2018, 7:36am

Those four lines were supposed to be typed as a single line. I’ve fixed the formatting to reflect this and make copying & pasting easier.

khampasith · October 22, 2018, 7:48am

I try agian


root@cloud:~# univention-admin users/user create --position cn=users,$ldap_base --set username=management --set lastname=Administrator --set password=univention --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-reference cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 218, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 398, in doit
    out = _doit(arglist)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 590, in _doit
    position.setDn(position_dn)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 276, in setDn
    dn = ldap.dn.str2dn(dn)
  File "/usr/lib/python2.7/dist-packages/ldap/dn.py", line 53, in str2dn
    return ldap.functions._ldap_function_call(None,_ldap.str2dn,dn,flags)
  File "/usr/lib/python2.7/dist-packages/ldap/functions.py", line 66, in _ldap_function_call
    result = func(*args,**kwargs)
DECODING_ERROR
root@cloud:~#

Moritz_Bunkus · October 22, 2018, 7:51am

Well… that command you’ve posted works fine for me, and I’ve never seen a DECODING_ERROR when using udm/univention-admin. I cannot help you with that, I’m afraid.

khampasith · October 22, 2018, 8:03am

Can you post you sucess commmand for me?
I try two diffrent server but I got sam error with “DECODING_ERROR”

Moritz_Bunkus · October 22, 2018, 8:04am

I copied & pasted the same command you already posted. No need for me to post it again.

khampasith · October 22, 2018, 8:08am

Do you have other command for creat user with administrator group?

Moritz_Bunkus · October 22, 2018, 8:09am

No, I don’t.

(post must be at least 20 characters…)

khampasith · October 22, 2018, 8:15am

I have more question
Can I modify Administrator user to use Root’s password again? becasue administrator user was link to active directory before and I removed adconnector but I still can’t login Administrator with Root password
Can you help me?

Moritz_Bunkus · October 22, 2018, 11:23am

Sure, you can use udm (or univention-admin; both are the same tool) for that, too. The basic syntax is udm users/user modify --dn … --set password=NewPassword, but I wouldn’t be surprised if you run into the same DECODING_ERROR that you’ve already run into as your system seems to have some kind of fundamental issue.

Christian_Voelker · October 22, 2018, 12:21pm

Hi,
there is a “user decoding mismatch”.

The first post shows TWO commands to be run! Otherwise you will get your decoding error.

So type:

eval `univention-baseconfig shell ldap/base`

followed by:

univention-admin users/user create --position cn=users,$ldap_base --set username=management --set lastname=Administrator --set password=univention --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-reference cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base

And you will have your Administrator back.

As long as you do not set the variables used in the second command (ie $ldap_base) you will have your error. The first command will set these varaibles.

/CV

khampasith · October 23, 2018, 6:46am

Christian_Voelker:

Hi,
there is a “user decoding mismatch”.

The first post shows TWO commands to be run! Otherwise you will get your decoding error.

So type:
eval `univention-baseconfig shell ldap/base`
followed by:
univention-admin users/user create --position cn=users,$ldap_base --set username=management --set lastname=Administrator --set password=univention --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-reference cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base
And you will have your Administrator back.

As long as you do not set the variables used in the second command (ie $ldap_base) you will have your error. The first command will set these varaibles.

/CV

Thank you so much Now My administrator is back

khampasith · October 23, 2018, 7:10am

Hi
I need more help with User management Now I can login as Administrator and I remove adconnector my purpose is I want to take over user form AD to univention user I try to edit user but can’t do that

Attention: The user "file.sod" is part of the Active Directory domain. UCS can only change certain attributes.

Is there any way to take over user?
Thank you

Christian_Voelker · October 23, 2018, 7:24am

Sorry, this has nothing to do with the 12 year old thread you re-opened recently.

Please create a new thread for this topic.

It is not helpful to mix different topics into a single thread.

/CV