Old 03-10-2012, 04:46 PM   #1
spookybathtub
Prospect
 
Join Date: Apr 2007
Posts: 12
passwd general failure for non-admins

I'm running 10.7.3 server. When a non-admin user issues the "passwd" command, the response is "general failure". Is this expected behavior? I can't find it in the man page.

Part 2 of my question: If that's not going to work, I need to find another way to change passwords. I have several non-admin user accounts created only for wiki access. They do not have ssh or AFP or GUI login access. I wanted to use this php script (http://msyk.net/macos/changepassword), which works using the passwd command. But if that's not going to work, what am I supposed to do?
Old 03-11-2012, 01:02 PM   #2
agentx
Hall of Famer
 
Join Date: Feb 2003
Location: Brighton, UK
Posts: 4,120
Standard users will not be able to use the passwd command even with their own account, as I think it is a restricted binary for admin users/sudoers.

However, users can use the Server "web portal" to change their password once it is all turned on in Server.app and the default web services site is being served out on the network.

You edit the Default site > Allow User to change their password checkbox.
However, you have to have Profile Manager enabled for this to work, which opens another can of worms ;-)
Old 03-11-2012, 05:55 PM   #3
spookybathtub
Prospect
 
Join Date: Apr 2007
Posts: 12
Oh great. That is a can of worms indeed. Here are the problems I have:
1. When I try to enable Profile Manager in Server.app, it looks like it's on, but then if I leave that pane or quit the app and come back to it, Profile Manager is turned off.
2. If I try to configure Profile Manager in Server.app, it says "This certificate isn't signed by a trusted certificate authority..." I'm using a self-signed certificate, but it won't let me simply dismiss the error.
3. In the Web server pane, if I try to edit the default site, all the options are greyed out, including the one to allow users to change their password.
Old 03-11-2012, 06:46 PM   #4
agentx
Hall of Famer
 
Join Date: Feb 2003
Location: Brighton, UK
Posts: 4,120
Welcome to Lion Server :-) It is still very quirky.
Too late here to go into it. But it involves resetting Profile Manager, maybe web services, getting a push notifications cert; a self cert is OK for small installs.

But you could also look at using /etc/authorization; it may allow you to achieve allowing password changes in Sys Prefs.
Old 03-12-2012, 10:49 PM   #5
spookybathtub
Prospect
 
Join Date: Apr 2007
Posts: 12
Thanks for the tips. I got Profile Manager to work by simply resetting some of Apache's config as described here. So now the password change web portal is working, but only for admin users. If a non-admin tries, it gives the error: "Your request could not be completed. The password server may be unavailable." Any ideas here?
Old 03-14-2012, 07:15 AM   #6
agentx
Hall of Famer
 
Join Date: Feb 2003
Location: Brighton, UK
Posts: 4,120
I have seen this issue when the users were first created as local users and then OD is enabled.
Is this the case?

If so, you will have to recreate/reimport users into OD. Or, to test, create a new OD standard user and see if password reset works.

You can also check WGM > Username > Advanced Tab > Options to see if Allow User to change password is checked.
Old 03-14-2012, 03:55 PM   #7
spookybathtub
Prospect
 
Join Date: Apr 2007
Posts: 12
I'm sort of fuzzy on the OD. I've never thought we had a need for it, but maybe we do now. I did create the users using WGM. But I'm not really sure if we're even running OD. How do I tell if a user is local or OD?
Old 03-14-2012, 04:49 PM   #8
agentx
Hall of Famer
 
Join Date: Feb 2003
Location: Brighton, UK
Posts: 4,120
Welcome to the wonderful but PITA world of directory services. It is a big topic, but many of the services on Lion Server are reliant on having OD user accounts, not local user accounts.

What is your setup? And what are you trying to achieve?

Network accounts and local accounts are different. In Server.app, if there is a little blue globe next to the user and, more than likely, the user ID is >1000, this is a network account. Once a machine is bound to the directory you can log in with these network account details and have either a local home directory, a portable home directory or a network home directory. Big topic :-)

I think some reading is in order....
Old 03-19-2012, 05:21 AM   #9
spookybathtub
Prospect
 
Join Date: Apr 2007
Posts: 12
OK, I figured out a lot of things this weekend. All my user accounts had UIDs above 1000 because they were created in Leopard's Open Directory. For some reason, Open Directory had been turned off between then and now, so the Lion user accounts were all local. I deleted them all, enabled Open Directory, then recreated network users, and all is well. Users can change their own passwords via the web portal. Thanks for all your help!
Old 03-19-2012, 05:26 AM   #10
agentx
Hall of Famer
 
Join Date: Feb 2003
Location: Brighton, UK
Posts: 4,120
Glad to be of help and well done for getting it all sorted.