Wiederherstellen des Administrator-Account

Hoff · 2006-05-18 12:21:20 UTC

Der Administrator-Account kann durch das Kommandozeilen-Programm univention-admin wiederhergestellt werden, wenn dieser gelöscht wurde.

Führen Sie dazu in der Kommandozeile des Domaincontroller-Master die folgenden beiden Kommandos aus.

eval `univention-baseconfig shell ldap/base`
univention-admin users/user create --position cn=users,$ldap_base --set \
  username=Administrator --set lastname=Administrator --set password=univention \
  --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-reference \
  cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base

khampasith · 2018-10-20 09:36:06 UTC

Hi
I try but does’t work

khampasith · 2018-10-22 07:30:18 UTC

root@email:~# univention-admin users/user create --position cn=users,$ldap_base                                  --set
option --set requires argument
root@email:~# username=management --set lastname=Administrator --set password=un                                 ivention
-bash: --set: command not found
root@email:~# --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-refe                                 rence
-bash: --set: command not found
root@email:~# cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base

Moritz_Bunkus · 2018-10-22 07:36:31 UTC

Those four lines were supposed to be typed as a single line. I’ve fixed the formatting to reflect this and make copying & pasting easier.

khampasith · 2018-10-22 07:48:56 UTC

I try agian


root@cloud:~# univention-admin users/user create --position cn=users,$ldap_base --set username=management --set lastname=Administrator --set password=univention --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-reference cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 218, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 398, in doit
    out = _doit(arglist)
  File "/usr/lib/pymodules/python2.7/univention/admincli/admin.py", line 590, in _doit
    position.setDn(position_dn)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 276, in setDn
    dn = ldap.dn.str2dn(dn)
  File "/usr/lib/python2.7/dist-packages/ldap/dn.py", line 53, in str2dn
    return ldap.functions._ldap_function_call(None,_ldap.str2dn,dn,flags)
  File "/usr/lib/python2.7/dist-packages/ldap/functions.py", line 66, in _ldap_function_call
    result = func(*args,**kwargs)
DECODING_ERROR
root@cloud:~#

Moritz_Bunkus · 2018-10-22 07:51:54 UTC

Well… that command you’ve posted works fine for me, and I’ve never seen a DECODING_ERROR when using udm/univention-admin. I cannot help you with that, I’m afraid.

khampasith · 2018-10-22 08:03:09 UTC

Can you post you sucess commmand for me?
I try two diffrent server but I got sam error with “DECODING_ERROR”

Moritz_Bunkus · 2018-10-22 08:04:34 UTC

I copied & pasted the same command you already posted. No need for me to post it again.

khampasith · 2018-10-22 08:08:03 UTC

Do you have other command for creat user with administrator group?

Moritz_Bunkus · 2018-10-22 08:09:09 UTC

No, I don’t.

(post must be at least 20 characters…)

khampasith · 2018-10-22 08:15:27 UTC

I have more question
Can I modify Administrator user to use Root’s password again? becasue administrator user was link to active directory before and I removed adconnector but I still can’t login Administrator with Root password
Can you help me?

Moritz_Bunkus · 2018-10-22 11:23:53 UTC

Sure, you can use udm (or univention-admin; both are the same tool) for that, too. The basic syntax is udm users/user modify --dn … --set password=NewPassword, but I wouldn’t be surprised if you run into the same DECODING_ERROR that you’ve already run into as your system seems to have some kind of fundamental issue.

Christian_Voelker · 2018-10-22 12:21:51 UTC

Hi,
there is a “user decoding mismatch”.

The first post shows TWO commands to be run! Otherwise you will get your decoding error.

So type:

eval `univention-baseconfig shell ldap/base`

followed by:

univention-admin users/user create --position cn=users,$ldap_base --set username=management --set lastname=Administrator --set password=univention --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-reference cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base

And you will have your Administrator back.

As long as you do not set the variables used in the second command (ie $ldap_base) you will have your error. The first command will set these varaibles.

/CV

khampasith · 2018-10-23 06:46:11 UTC

Christian_Voelker:

Hi,
there is a “user decoding mismatch”.

The first post shows TWO commands to be run! Otherwise you will get your decoding error.

So type:
eval `univention-baseconfig shell ldap/base`
followed by:
univention-admin users/user create --position cn=users,$ldap_base --set username=management --set lastname=Administrator --set password=univention --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-reference cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base
And you will have your Administrator back.

As long as you do not set the variables used in the second command (ie $ldap_base) you will have your error. The first command will set these varaibles.

/CV

Thank you so much Now My administrator is back

khampasith · 2018-10-23 07:10:42 UTC

Hi
I need more help with User management Now I can login as Administrator and I remove adconnector my purpose is I want to take over user form AD to univention user I try to edit user but can’t do that

Attention: The user "file.sod" is part of the Active Directory domain. UCS can only change certain attributes.

Is there any way to take over user?
Thank you

Christian_Voelker · 2018-10-23 07:24:44 UTC

Sorry, this has nothing to do with the 12 year old thread you re-opened recently.

Please create a new thread for this topic.

It is not helpful to mix different topics into a single thread.

/CV