Authentication for Network Admins

Overview

In addition to their wireless and VPN accounts in ou=People,ou=NIS,o=vt, NIS network administrators have an account in ou=Administrators,ou=NIS,o=vt that is used to authenticate to network infrastructure devices. The passwords on these accounts are managed independently of the wireless/VPN accounts, and administrators can change their passwords using the ldappasswd command.

This command is built in on current versions of macOS, and can be easily installed on Linux with the appropriate package manager.

For Windows 10/11, simply enable WSL and then follow the instructions below in your WSL Linux environment.

Ubuntu/Debian

sudo apt install ldap-utils

Red Hat/AlmaLinux

sudo yum install openldap-clients

I don't really want to install anything on my computer

No problem! These utilities are already installed on conehead and grub, if you can SSH to those hosts already. Just make sure your environment has all the right variables set.

source /apps/etc/openldap/profile

Don't want to remember to do that every time? Just add that line to the end of your .bashrc file like so:

echo "source /apps/etc/openldap/profile" >> ~/.bashrc

How to change your network administrator password

Look up your network administrator nuid if you don't already know it

ldapsearch -LLL -H ldap://cricket.nis.vt.edu:11389/ -x -b ou=Administrators,ou=NIS,o=vt uid=your_vt_username_aka_pid nuid

Change your network administrator nuid password

Enter your old password when prompted to Enter LDAP Password:

ldappasswd -H ldap://cricket.nis.vt.edu:11389/ -x -ZZ -W -S -D nuid=your_nuid,ou=Administrators,ou=NIS,o=vt

Use manager authorization to change the password of another network administrator to a temporary value

ldappasswd -e \!authzid=dn:cn=Manager,o=vt -H ldap://cricket.nis.vt.edu:11389/ -x -ZZ -W -S -D nuid=your_nuid,ou=Administrators,ou=NIS,o=vt nuid=other_administrator_nuid,ou=Administrators,ou=NIS,o=vt

Enter the temporary password for the other administrator when prompted for New password: and Re-enter new password:

Enter your password when prompted to Enter LDAP Password:

For PPRD or DEV environments, respectively substitute hornet or owlfly for cricket in the commands above.
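
The self-service lookup and password change above can be combined into one shell helper that refuses unexpected input before it builds the search filter or bind DN. This is an added example, not part of the original instructions: the function names are hypothetical, and the allowed character set for usernames and nuids is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical, hosts and DNs are from the page.
ADMIN_BASE="ou=Administrators,ou=NIS,o=vt"

# Map an environment name to its LDAP URI (cricket=prod, hornet=PPRD, owlfly=DEV).
ldap_uri() {
    case "$1" in
        prod) host=cricket ;;
        pprd) host=hornet ;;
        dev)  host=owlfly ;;
        *)    echo "unknown environment: $1" >&2; return 1 ;;
    esac
    printf 'ldap://%s.nis.vt.edu:11389/\n' "$host"
}

# Assumption: usernames and nuids contain only letters, digits, '.', '_' and '-'.
# Anything else could alter the search filter or the bind DN, so it is refused.
is_safe_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Read `ldapsearch -LLL` output on stdin and print the one nuid it contains.
# Base64 values ("nuid:: ...") and multiple matches fail the safety check.
nuid_from_ldif() {
    nuid=$(sed -n 's/^nuid: //p')
    is_safe_token "$nuid" || { echo "no single usable nuid in result" >&2; return 1; }
    printf '%s\n' "$nuid"
}

# Usage: change_admin_password your_vt_username_aka_pid [prod|pprd|dev]
change_admin_password() {
    is_safe_token "$1" || { echo "unexpected characters in username" >&2; return 1; }
    uri=$(ldap_uri "${2:-prod}") || return 1
    nuid=$(ldapsearch -LLL -H "$uri" -x -b "$ADMIN_BASE" "uid=$1" nuid | nuid_from_ldif) || return 1
    # -ZZ makes ldappasswd abort unless StartTLS succeeds, so the old and
    # new passwords are never sent over an unencrypted connection.
    ldappasswd -H "$uri" -x -ZZ -W -S -D "nuid=$nuid,$ADMIN_BASE"
}
```

Source the file, then run change_admin_password with your username; the prompts are the same ones ldappasswd shows when run directly.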