Local Admin K1000
Hi all,
I have the problem that I deleted by last ldap import the local admin, or is replaced with the ldap admin. My knowledge, but the local admin can not be deleted or replaced.
How do I get it back?
Many thanks in advance
I have the problem that I deleted by last ldap import the local admin, or is replaced with the ldap admin. My knowledge, but the local admin can not be deleted or replaced.
How do I get it back?
Many thanks in advance
0 Comments
[ + ] Show comments
Answers (8)
Please log in to answer
Posted by:
airwolf
12 years ago
Are you able to login with any admin account? If the local admin account was your only admin account, I hope you had SSH enabled. If SSH is enabled, support can remote into your K1000 and add the account manually.
Posted by:
scottlutz
12 years ago
You can log into the console of your appliance with the username/password of netdiag/netdiag which will allow you to reset the password of the local admin user.
I am not sure that an LDAP sync would have the ability to delete your local admin account, so I recommend going with the password reset option, which will allow you to confirm this (at least).
I am not sure that an LDAP sync would have the ability to delete your local admin account, so I recommend going with the password reset option, which will allow you to confirm this (at least).
Posted by:
THoesen
12 years ago
No, this is not the problem. Due to the ldap import so I can log on to the Kace. But I had also read that this local account can not be deleted.
The local "admin" admin was called. In my AD I also have an account named "admin". By importing the local admin has been replaced by the admin of the AD. If I delete the ldap user admin I can not get local again. Is there another way?
The local "admin" admin was called. In my AD I also have an account named "admin". By importing the local admin has been replaced by the admin of the AD. If I delete the ldap user admin I can not get local again. Is there another way?
Posted by:
airwolf
12 years ago
The import doesn't matter... do you have LDAP authentication enabled? I believe the K1000 is SUPPOSED to use local authentication first, but in my experience it won't authenticate any local accounts while LDAP authentication is enabled. So, it's most likely that the local admin account is there but it will not authenticate because the K1000 is automatically trying to login with LDAP credentials.
Posted by:
scottlutz
12 years ago
The local Admin account will always work, even if LDAP/AD auth is enabled and configured. This is be design to allow for cases when a DC is unavailable.
Posted by:
airwolf
12 years ago
Scott, I realize that is how it's supposed to work. However, I've taken my DCs offline and still fail to authenticate locally. This is a bug that I've made Dell KACE aware of probably 6-8 months ago. I'm not sure if it's fixed in 5.3 or not (we're still on 5.2).
Posted by:
scottlutz
12 years ago
I'm not sure if it's fixed in 5.3 or not (we're still on 5.2).
It works a treat in in my 5.3 demo install ;)
Posted by:
cblake
12 years ago
K1000/K2000 Local admin account is the ONLY local account that remains active when LDAP is enabled. As scott says, this is to allow an administrator to gan access to the server in the event of failure or misconfiguration of LDAP services.
@THoesen - are you saying that you had an account named admin in LDAP, and now you must use the LDAP password to log in with it? If so, please contact support for further guidance.
@THoesen - are you saying that you had an account named admin in LDAP, and now you must use the LDAP password to log in with it? If so, please contact support for further guidance.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.