New User on Ares

To create a new user, follow the steps:

  • Login as root on ares
  • Create an LDIF file which describes the new user. There should be a template file at /root/add_ldap_user.ldif; in any case the file should look like this:

dn: cn=Jamie Stevens,cn=rastro,dc=astro,dc=utas.edu.au
uid: jstevens
cn: Jamie Stevens
sn: Stevens
uidNumber: 111744
gidNumber: 260
homeDirectory: /home/jstevens
objectClass: person
objectClass: posixAccount
loginShell: /bin/tcsh
userPassword: {crypt}8edxUZX076fXk

dn: is the distinguished name of the account. It consists of the cn (or common name) of the person, combined with the common name of the group (which will always be rastro), followed by the base of the directory tree (which will always be dc=astro,dc=utas.edu.au).

uid: is the user ID of the account. For ares, the user ID is usually the first letter of the first name followed by the surname. This is not a hard and fast rule, however: people should be allowed to choose their username, and it should usually be possible to make their ares user ID match their UTAS user ID.

cn: is the common name, which is the first name and surname of the person. It should match exactly what was put as the common name in the dn entry.

sn: is just the surname.

uidNumber: is the user ID number, which must be unique to ares. Lately I have been making the UID on ares the same as the UTAS-wide UID so that using TPAC shares becomes easier, however this is not strictly required.

gidNumber: is the group ID number, which should always be 260 (the rastro group ID number).

homeDirectory: is the location of the account's home directory, and should be /home/ followed by the UID.

objectClass: is the type of directory entry to make (and each account can be of multiple types). For user accounts on ares, there should be 2 such entries, one specifying a person and another specifying a posixAccount.

loginShell: is the shell the user will be given when logging in, and unless the user has a strong preference, should be /bin/tcsh.

userPassword: is the password for the user account. You should keep the default {crypt}8edxUZX076fXk and use the ldappasswd command to change it after the account has been created; how to do this is described below.

  • Enter the new user into the LDAP database. Do this with the command:

ldapadd -x -v -D 'cn=mgr,dc=astro,dc=utas.edu.au' -W < add_ldap_user.ldif

assuming that the file you just created with the new account details is called add_ldap_user.ldif and is in the current directory. The only account that has the ability to alter the LDAP database is the cn=mgr account, so you must bind to the database as this account, as shown in the command above; it has the same password as ares' root password, which you must enter when the command prompts for it.

  • Make the new home directory: mkdir /home/uid where uid is the user ID of the new account.
  • Change the permissions on the new home directory: chown -R uid:rastro /home/uid
  • Generate a new random password for the new account: ldappasswd -x -v -D 'cn=mgr,dc=astro,dc=utas.edu.au' -W 'cn=Jamie Stevens,cn=rastro,dc=astro,dc=utas.edu.au' would assign a new password to the account owned by Jamie Stevens; change the cn in that final dn to match the new account. After you enter the root password at the prompt, the new password for the user is displayed; write this password down, as it will be difficult to remember.
  • Log in as the new user to test whether everything is working: ssh uid@ares, and enter the new password when prompted. If you are able to log in without error messages appearing, the new account is ready to use.
  • Email or give the new account details to the user and ask them to log in and immediately change their password, using the passwd command, to something they will remember.
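As an added example, not part of the original page: a small POSIX shell helper that writes an entry in the shape of the template above and checks it against the conventions listed (cn inside the dn matching the cn attribute, homeDirectory of /home/<uid>, gidNumber 260, both objectClasses, a {crypt} password rather than cleartext, and a uidNumber not already in use) before the file is handed to ldapadd. The file of uidNumbers already taken is an assumption of this example; on ares it could be filled from getent passwd, and in the illustration it is constructed.

```sh
#!/bin/sh
# Added helper (not part of the original page): writes a new-user entry in the
# shape of the template above and checks it before it is fed to ldapadd.
# The list of uidNumbers already in use is read from a file given by the caller;
# on ares it could be filled with `getent passwd | cut -d: -f3`, here it is constructed.

BASE_DN='dc=astro,dc=utas.edu.au'
RASTRO_GID=260
DEFAULT_CRYPT='{crypt}8edxUZX076fXk'   # the page's placeholder, replaced by ldappasswd later

# make_ldif FIRST SURNAME UID UIDNUMBER -> prints the LDIF entry on stdout
make_ldif() {
  first=$1; surname=$2; uid=$3; uidnum=$4
  printf 'dn: cn=%s %s,cn=rastro,%s\n' "$first" "$surname" "$BASE_DN"
  printf 'uid: %s\ncn: %s %s\nsn: %s\n' "$uid" "$first" "$surname" "$surname"
  printf 'uidNumber: %s\ngidNumber: %s\n' "$uidnum" "$RASTRO_GID"
  printf 'homeDirectory: /home/%s\n' "$uid"
  printf 'objectClass: person\nobjectClass: posixAccount\n'
  printf 'loginShell: /bin/tcsh\nuserPassword: %s\n' "$DEFAULT_CRYPT"
}

# check_ldif FILE USED_UIDNUMBERS -> 0 if the entry follows the conventions
# above, 1 otherwise (meant as a gate before `ldapadd ... < FILE`)
check_ldif() {
  f=$1; used=$2
  [ -r "$f" ] && [ -r "$used" ] || return 1
  uid=$(sed -n 's/^uid: //p' "$f")
  cn=$(sed -n 's/^cn: //p' "$f")
  dncn=$(sed -n 's/^dn: cn=\([^,]*\),cn=rastro,.*/\1/p' "$f")
  # the cn inside the dn must match the cn attribute, and the dn must sit under the base
  [ -n "$uid" ] && [ -n "$cn" ] && [ "$dncn" = "$cn" ] || return 1
  grep -q "^dn: cn=.*,cn=rastro,$BASE_DN\$" "$f" || return 1
  # home directory is /home/<uid>, group is always rastro (260)
  [ "$(sed -n 's/^homeDirectory: //p' "$f")" = "/home/$uid" ] || return 1
  [ "$(sed -n 's/^gidNumber: //p' "$f")" = "$RASTRO_GID" ] || return 1
  # both object classes, and a hashed (not cleartext) password field
  grep -q '^objectClass: person$' "$f" && grep -q '^objectClass: posixAccount$' "$f" || return 1
  grep -q '^userPassword: {crypt}' "$f" || return 1
  # uidNumber must be unique on ares: reject anything already in the used list
  uidnum=$(sed -n 's/^uidNumber: //p' "$f")
  [ -n "$uidnum" ] && ! grep -qx "$uidnum" "$used"
}
```

Run make_ldif with the new person's details, redirect it to add_ldap_user.ldif, and only call ldapadd once check_ldif on that file returns 0.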