Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.


Question: Cannot change password of user error -14120

Hello all,

I am trying to change the password of a normal user on my Mac OS 10.6.7 server, but everytime I click on save, I get the message that the password could not be saved, error -14120.

I did use enough characters, numbers and special ones in it, but it doesn´t work.

What I might add is that I am accessing the server via VNC, but this should not have any impact. Does anyone have an idea?



Mac mini, Mac OS X (10.6.7), Mac OS X Server mail

Posted on


Page content loaded

Jun 10, 2011 8:03 AM in response to Khymon1 In response to Khymon1

Based on some Googling of the symptoms (Googling for /site:apple.com password "error -14120"/ found this ) this can sometimes be triggered by bad DNS. Launch Terminal.app and issue sudo changeip -checkhostname and see if the DNS on the server reports itself as valid or invalid.

Jun 10, 2011 8:03 AM

Reply Helpful

Jun 10, 2011 11:28 AM in response to MrHoffman In response to MrHoffman


no, this is correct, DNS names do match. But I found the reason, although unfortunately, I could not see a solution at first, but then I searched the web ; unfortunately, this does not completely answer the background:

When I click on the lock symbol to unlock the settings in the Workgroup settings, I enter an account that has the rights to configure the server. And I can change all settings of the user except for the password. When I look into the server logs for passwords, I get the following error:

CHANGEPASS failed because { <id>, <username>} is not an administrator

I found the following list entry:


where this problem can be solved by the following command:

mkpassdb -setadmin <username>

I tried and now I can change the password. But I am not quite certain about the background of this command. If anybody can tell me what it does (background), I would be quite happy 🙂

EDIT: I know that there is a manpage for mkpassdb which explains it:


"-setadmin" Promotes a slot-ID to have administrator privileges for the password server. By default, administrators set with mkpassdb receive the most privileged rank (0)


Okay, but... Why did my account had the rights to create new users, to do anything else except for changing passwords? Is this some kind of bug?


Jun 10, 2011 11:28 AM

Reply Helpful

Jun 11, 2011 6:57 AM in response to Khymon1 In response to Khymon1

You may be aware of this. If so, please disregard.

There is a local store of users, and there is the domain-based store.

The local store can have local administrators, and there's a second set of users on the domain, and its own administrators and particularly (by default) the diradmin user.

Overlaps between these two can be confusing. If you're on a diradmin or other directory administrator account, then there's something wonky with your directory. If you're on a user that's not a directory administrator, then I'd not expect to administer the directory.

If the directory administrator password is stuffed up, here is the password-reset sequence: HT1194

Jun 11, 2011 6:57 AM

Reply Helpful
User profile for user: Khymon1

Question: Cannot change password of user error -14120