Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: Cannot change password of user error -14120

Hello all,


I am trying to change the password of a normal user on my Mac OS 10.6.7 server, but everytime I click on save, I get the message that the password could not be saved, error -14120.


I did use enough characters, numbers and special ones in it, but it doesn´t work.


What I might add is that I am accessing the server via VNC, but this should not have any impact. Does anyone have an idea?


Greets,

Khymon

Mac mini, Mac OS X (10.6.7), Mac OS X Server mail

Posted on

Reply

Page content loaded

Jun 10, 2011 8:03 AM in response to Khymon1 In response to Khymon1

Based on some Googling of the symptoms (Googling for /site:apple.com password "error -14120"/ found this ) this can sometimes be triggered by bad DNS. Launch Terminal.app and issue sudo changeip -checkhostname and see if the DNS on the server reports itself as valid or invalid.

Jun 10, 2011 8:03 AM

Reply Helpful

Jun 10, 2011 11:28 AM in response to MrHoffman In response to MrHoffman

Hi,


no, this is correct, DNS names do match. But I found the reason, although unfortunately, I could not see a solution at first, but then I searched the web ; unfortunately, this does not completely answer the background:


When I click on the lock symbol to unlock the settings in the Workgroup settings, I enter an account that has the rights to configure the server. And I can change all settings of the user except for the password. When I look into the server logs for passwords, I get the following error:


CHANGEPASS failed because { <id>, <username>} is not an administrator


I found the following list entry:


http://lists.apple.com/archives/macos-x-server/2005/Jan/msg00348.html


where this problem can be solved by the following command:


mkpassdb -setadmin <username>


I tried and now I can change the password. But I am not quite certain about the background of this command. If anybody can tell me what it does (background), I would be quite happy 🙂


EDIT: I know that there is a manpage for mkpassdb which explains it:


---copy&paste---

"-setadmin" Promotes a slot-ID to have administrator privileges for the password server. By default, administrators set with mkpassdb receive the most privileged rank (0)

---copy&paste---


Okay, but... Why did my account had the rights to create new users, to do anything else except for changing passwords? Is this some kind of bug?


Greets!

Jun 10, 2011 11:28 AM

Reply Helpful

Jun 11, 2011 6:57 AM in response to Khymon1 In response to Khymon1

You may be aware of this. If so, please disregard.


There is a local store of users, and there is the domain-based store.


The local store can have local administrators, and there's a second set of users on the domain, and its own administrators and particularly (by default) the diradmin user.


Overlaps between these two can be confusing. If you're on a diradmin or other directory administrator account, then there's something wonky with your directory. If you're on a user that's not a directory administrator, then I'd not expect to administer the directory.


If the directory administrator password is stuffed up, here is the password-reset sequence: HT1194

Jun 11, 2011 6:57 AM

Reply Helpful
User profile for user: Khymon1

Question: Cannot change password of user error -14120