Supervisor (Bindery) User Created on Every NetWare 4 Server
Articles and Tips: tip
Novell Consulting Services
01 Feb 1996
For every NetWare 4 server that is installed, a (bindery) Supervisor account is created for that server. This account is created regardless of whether the administrator installs NDS replicas on that server or not. Moreover, the Supervisor account exists whether or not a Bindery Services Context is set on the server. However, the Supervisor account is only accessible if a valid Bindery Context is set on the server. (The exception is if you perform a server console LOCK or UNLOCK.)
The Supervisor user account is stored in the Bindery Partition, which is one of the four partitions that exists even if an NDS replica is not installed on the server. (The other three types of always-existing partitions are Schema, System, and External References). Just like in NetWare 3, the Supervisor user has all rights to the server. Keep in mind that this Supervisor user is a server-centric user and these rights only apply to the individual server.
If one or more Bindery Services Contexts are set on the server, the Supervisor user automatically has all rights to all the bindery objects in the containers (OUs) pointed to in the server bindery context path. Notice that the Supervisor (using SYSCON) only has rights to those NDS objects that also exist in the bindery: Users, Groups, Queues, Print Servers and Profiles (first made available in NetWare Name Services).
The Supervisor user does not show up in the NDS tree because it is a server-centric (bindery) object, not an NDS object. This means that NWADMIN and NETADMIN cannot access the Supervisor user; however, you can acess the Supervisor user using SYSCON.
In NetWare 4.02 and later versions, the Supervisor user always has a password assigned upon creation. This was not the case in NetWare 4.01 because the person installing the server (usually Admin) did not have to have a password. The Supervisor user receives its password according to the following conditions:
New NetWare 4 server(not migrated from NetWare 3)
The Supervisor is assigned the password of the user that logs in to the tree to perform the installation (this is usually the Admin user).
NetWare 3 server migrated to NetWare 4(using INSTALL.NLM or In-Place Migration)
The supervisor account information is bought over from the NetWare 3 server and the new Supervisor account is assigned the password from NetWare 3. If the Supervisor account in NetWare 3 does not have a password, the password of the user that logged in to the tree to do the install (usually Admin) is assigned to the Supervisor in NetWare 4.
NetWare 3 server migrated to NetWare 4(using MIGRATE.EXE or Across-the-Wire)
When you migrate using the Across-the-Wire Migration utility, the NetWare 4 server is already installed and running. The Supervisor user on the NetWare 4 server is already created and has a password assigned as in the first scenario described above. The Across-the-Wire migration utility does not change the password with the password from the NetWare 3 server, because passwords cannot be copied when using MIGRATE.EXE.
Safeguard the password for the Supervisor user. The password that the Supervisor is assigned is not completely dependent on the user that installs the new NetWare 4 server into the tree. For example, if the Admin user installs the server and the Supervisor user is assigned the Admin user's password, when the Admin user changes its password, the Supervisor password does not change.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.