[SUMMARY] how to create user acc with NIS+

From: David Gempton (ttcdg@cyberspace.co.nz)
Date: Wed Mar 20 1996 - 05:48:43 CST


An amazing response from the list. And the answers are very consistent.
Many thanks to:
Mark Bergman
Salvatore Saieva
MOHD ROSLEY OMAR
Francis.Liu@uts.edu.au
Anders Hammarquist
Daniel Blander

Original question:
==============================================
> Hi all,
>
> In an NIS+ environment how do you create user accounts without using the admintool ?
>
> I expect that the secret lies with nistbladm. But I am unfamiliar with using this tool and after previous accidents involving trashing the passwd table I want to make sure of what I am doing before I try something new.
>
> It would be greatly appreciated if you can help with suggestions and command syntax for creating a NIS+ user account from the command line.
==============================================
Summary: From Daniel Blander
==============================================
1. Add the users to the appropriate /etc/passwd and /etc/shadow
   file in your favorite method (vi, adduser, ed ;-)

2. Using "passwd" give the user a passwd...

3. /usr/lib/nis/nisaddent -mvf /etc/passwd passwd
   /usr/lib/nis/nisaddent -mvf /etc/shadow shadow

passwd and shadow are standard tables so nisaddent will recognize
them easily.

4. If this is a true NIS+ environment (needing the security level
   2 running), then you need to add your credentials for these users.

   /usr/lib/nis/nisaddcred -p <UID> -P <principal.some.domain>. local
   /usr/lib/nis/nisaddcred -p unix.<UID>@<some.domain> -P <principal.some.domain>.
   (can't remember if you need to put "des" here)

Where <UID> is the User ID assigned to the specific user,
principal.some.domain is the username.your.domain (note the period at end!!)

The user will now have credentials based upon the passwd you gave them.

5. Have the user login with the password you gave him and use "passwd"
to change his passwd and NIS+ passwd (and update his credentials...)

All done....
==================================================
Replies
==================================================
You've got to use nistbladm and nisaddcred. You might also want to add
entries to the NIS+ groups and aliases tables. Here are some relevant
lines from my new user script. At this point the user name, unique home
directory, unique UID, rational GID, etc. have all been verified.

nistbladm -A name=$loginname passwd=$cryptpass uid=$uid gid=$gid \
        gcos="$gcos" home=$user_home shell=$user_shell \
        shadow=0:4:180:5::: passwd.org_dir

nisaddcred -p unix.$uid\@phri.nyu.edu -P $loginname.phri.nyu.edu. \
         -l '$upass' des phri.nyu.edu.

nistbladm -A alias=$loginname expansion=$loginname$email mail_aliases.org_dir
nisaddent -m -f $groups group phri.nyu.edu.

----
Mark Bergman                       bergman@phri.nyu.edu
System and Network Administrator   212-578-0822
Public Health Research Institute   Rm. 1074, 455 1st Ave, NY NY, 10016
==================================================
I try to avoid the graphical tools when possible. This is what I do 
to setup a new user, here's a segment from my diary:

1. Take a sample passwd and shadow file, make necessary account(s):

nisaddent -d passwd > passwd.x
nisaddent -d shadow > shadow.x

2. Edit passwd.x and shadow.x files setting up account information like you would if editing the raw passwd and shadow files. After editing, load the new account info into NIS+ databases:

cat passwd.x | nisaddent passwd
cat shadow.x | nisaddent shadow

3. Create home directories for new users, change ownerships and permissions as appropriate.

4. Create LOCAL NIS+ credentials for new user(s) taking special notes of the ending periods in domain names:

nisaddcred -p <uid> -P <login>.domain.com. local

For example,

nisaddcred -p 1001 -P user.domain.com. local

5. Add DES (encrypted) credentials for new user(s) taking special notes of the ending periods in domain names:

nisaddcred -p unix.<uid>@domain.com -P <login>.domain.com. des

For example,

nisaddcred -p unix.1001@domain.com -P user.domain.com. des

6. Set passwords:

nispasswd <login>

7. Login as new user and sync login passwd with DES authentication keys:

chkey -p

Sal.
---
Salvatore Saieva
PRINCIPIA Partners LLC          E-Mail: saieva@ppllc.com
Harborside Financial Center     Phone: (201) 946-0300
902 Plaza II, 9th Floor         Fax: (201) 946-0320
Jersey City, NJ 07311

Exhortation: ``Aesthetics are more important than efficiency.'' -DEK
==================================================
put the complete passwd and shadow entry in a file (recommended to create a temporary file as a passwd and shadow file) and then use utility "nisaddent -m" to merge it into your existing NIS+ Passwd Table entry. (for full syntax..do a "man nisaddent" .. sorry don't remember..used to use the command before :-) )

--rosley

*----------------------------------------------------------------------*
| MOHD ROSLEY OMAR                       e-mail: rosley@tsi.com.my     |
| TIME Systems Integrators Sdn Bhd       URL: http://tsi.com.my        |
| 2nd Floor Bangunan LTAT                                              |
| Jalan Bukit Bintang                    Tel: 603-245 8678             |
| 55100 Kuala Lumpur                     Fax: 603-245 6928             |
| MALAYSIA          *** Smoking Aids Economy by Causing Early DEATH ***|
*----------------------------------------------------------------------*
==================================================
nistbladm -a user=username uid=uid ... shadow=:::::: passwd.org_dir
nisaddcred -p user.uid@nis+.domain -P user.nis+.domain. des
nisaddcred -p uid -P user.nis+.domain. local
mkdir a home directory for the user
nispasswd user

you don't need quotes around any of it, unless you've done something to your shell, we run, sh, csh, tcsh and we don't have a problem with the above cmdline.

Francis
--
Francis.Liu@uts.edu.au                  Talk: +61 2 330 2091
Systems Programmer                      Fax : +61 2 330 1999
University of Technology, Sydney - Information Technology Division
PO BOX 123, Broadway, NSW 2007, Australia
==================================================
nistbladm and nisaddcred will let you add users from the command line. nistbladm does have the annoying feature of trashing the table if you send it the wrong options.

To add a user involves a few steps to get everything right (and they must be done in the right order!)

First, add the user to the passwd table (if you use password aging you want to set shadow to something else - see the man page for shadow(4))

> nistbladm -a name=<login> passwd=<encrypted_passwd> uid=<uid> \
    gid=<pri_gid> gcos=<Name> home=<homedir> shell=<shell> shadow=:::::: \
    passwd.org_dir

Next, change the permissions for the newly created entry.

> nischmod o=r,n=,w=,g= \[name=<login>\]passwd.org_dir

Create secure rpc credentials for the user. This requires the unencrypted password, either specified with the -l flag or typed at the keyboard.

> nisaddcred -p unix.<uid>\@nis+.domain -P <login>.nis+.domain \
    -l cleartext_passwd DES

> nisaddcred -p <uid> -P <login>.nis+.domain. local

Last, change the owner of the passwd entry, so that the user may change his password.

> nischown <login> \[name=<login>\]passwd.org_dir

After that, all you need to do is set up the home directory.

/Anders
--
-- Of course I'm crazy, but that doesn't mean I'm wrong.
Anders Hammarquist                                  | iko@dd.chalmers.se
System administrator at DjungelData                 | Fax: +46 31 772 3202
Chalmers University of Technology, Göteborg, Sweden | Tel: +46 31 772 3241
==================================================
Actually it's easier than using nistbladm....

1. Add the users to the appropriate /etc/passwd and /etc/shadow file in your favorite method (vi, adduser, ed ;-)

2. Using "passwd" give the user a passwd...

3. /usr/lib/nis/nisaddent -mvf /etc/passwd passwd
   /usr/lib/nis/nisaddent -mvf /etc/shadow shadow

passwd and shadow are standard tables so nisaddent will recognize them easily.

4. If this is a true NIS+ environment (needing the security level 2 running), then you need to add your credentials for these users.

   /usr/lib/nis/nisaddcred -p <UID> -P <principal.some.domain>. local
   /usr/lib/nis/nisaddcred -p unix.<UID>@<some.domain> -P <principal.some.domain>.
   (can't remember if you need to put "des" here)

Where <UID> is the User ID assigned to the specific user, principal.some.domain is the username.your.domain (note the period at end!!)

The user will now have credentials based upon the passwd you gave them.

5. Have the user login with the password you gave him and use "passwd" to change his passwd and NIS+ passwd (and update his credentials...)

All done....

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Daniel Blander =8^)
Sr. Systems Engineer
Applied Computer Solutions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Phone: (714) 842.7800
Fax: (714) 842.8299
Email: Daniel.Blander@acsacs.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Official Applied Computer Solutions Home Page and Tech Tip of the Week:
http://www.acsacs.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
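
Added example, not part of any reply above: a dry-run planner for the nistbladm-based order of operations described in the replies (passwd entry, nischmod, DES and LOCAL credentials, nischown). It only prints the commands after validating the fields and fixing up the trailing period; the function names, the sample user jdoe and example.com are assumptions, and the DES step omits -l so the password is typed at the prompt instead of appearing on the command line.

```shell
#!/bin/sh
# Added example (not from the thread): prints commands only, runs nothing on NIS+.

# nisplus_names UID LOGIN DOMAIN -> "<netname> <principal>"
#   netname:   unix.<uid>@<domain>   (no trailing period)
#   principal: <login>.<domain>.     (trailing period required)
nisplus_names() {
    n_uid=$1; n_login=$2; n_dom=${3%.}   # accept the domain with or without the final "."
    case $n_uid in ''|*[!0-9]*) echo "bad uid: $n_uid" >&2; return 1 ;; esac
    case $n_login in ''|[!a-z]*|*[!a-z0-9_-]*) echo "bad login: $n_login" >&2; return 1 ;; esac
    case $n_dom in ''|.*|*..*|*[!A-Za-z0-9.+-]*) echo "bad domain: $n_dom" >&2; return 1 ;; esac
    printf '%s %s\n' "unix.$n_uid@$n_dom" "$n_login.$n_dom."
}

# nisplus_plan LOGIN UID GID HOME SHELL DOMAIN -> the commands, in the required order
nisplus_plan() {
    p_login=$1; p_uid=$2; p_gid=$3; p_home=$4; p_shell=$5
    p_names=$(nisplus_names "$p_uid" "$p_login" "$6") || return 1
    case $p_gid in ''|*[!0-9]*) echo "bad gid: $p_gid" >&2; return 1 ;; esac
    for p in "$p_home" "$p_shell"; do
        case $p in /*) ;; *) echo "not an absolute path: $p" >&2; return 1 ;; esac
        case $p in *[!A-Za-z0-9/._-]*) echo "unsafe path: $p" >&2; return 1 ;; esac
    done
    p_net=${p_names% *}; p_prin=${p_names#* }
    # Indexed name of the one passwd entry, quoted so the shell leaves [] alone.
    p_entry="'[name=$p_login]passwd.org_dir'"
    # <encrypted_passwd> and <Name> stay placeholders, as in the reply above.
    cat <<EOF
nistbladm -a name=$p_login passwd='<encrypted_passwd>' uid=$p_uid gid=$p_gid gcos='<Name>' home=$p_home shell=$p_shell shadow=:::::: passwd.org_dir
nischmod o=r,n=,w=,g= $p_entry
nisaddcred -p $p_net -P $p_prin des
nisaddcred -p $p_uid -P $p_prin local
nischown $p_login $p_entry
EOF
}

# Constructed sample user and domain.
nisplus_plan jdoe 1001 10 /home/jdoe /bin/sh example.com
```

Review the printed plan before pasting it into a root shell on the NIS+ master; a rejected field stops the plan before any table command is produced.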


