We have mostly completed a migration on our corporate network from NetWare 6.5 to OES2sp1 on SLES10sp2.

We ran into an interesting problem concerning OES2 DHCP that has potential ramifications for the rest of the configured OES products.

Some background: we are a team of four, each having our own individual "admin" accounts with full rights to the tree. When we built the pre-migration Linux servers and performed the OES2 migration/configuration, we used these individual accounts for this purpose. Our OES2 network is comprised of 58 geographically dispersed fileservers that are managed from a central location, so we each "own" roughly 15 servers.

The DHCP issue exhibited an inability for the daemon to connect via LDAP on the host server when started, presumably to pull DHCP configuration info from eDirectory. Turning on the LDAP trace on the server showed a -669 (invalid password) error when the daemon was loading. The problem turned out to be that the person who had configured the server had changed his admin password since the server had been configured. When he reverted to his previous password, the service was again able to connect via LDAP authentication and start. While troubleshooting this issue, I (with a different admin account) attempted to re-configure DHCP through YAST2->OES2 configuration and was prompted for the password of the person who had initially built the server, with no ability to change the cn of the user name requested. At this point the person was unavailable, so I changed his password and it still would not let me configure the service and the daemon still failed on startup. This indicates to me that the password of the account used to create and configure the Linux server is written into file(s) somewhere in the server's configuration.

We need to have the ability to change our Admin passwords without risking system service integrity, while not having to share it amongst the other Admins. Seeing how changing the password after the fact breaks the service's ability to authenticate, I have to assume that this will affect all OES2 configured services. DHCP was the only one we encountered having an issue, and being a Prod server we were hesitant to stop and restart other daemons to see if they were actually affected.

My question is: how can we change the system's owner to another generic LUM-enabled account for the purposes of daemons that require LDAP authentication to eDirectory to pull configuration info and for reconfiguration purposes? Will this require the reconfiguration of all of the installed OES components?

This situation was unexpected as, in NetWare, as long as you had admin access you could make whatever changes were needed to the server regardless of who initially configured it.

Brave new world this Linux is...

Thanks in advance.