Encrypted User Password in KS.cfg

Dryv · ‎02-17-2011

Hi,

I am using openssl to generate my passwords for user accounts in a KS.cfg file which writes out my esxcfg.sh script which runs on first boot... the user accounts get created but the passwords need to be reset manually. In troubleshooting this instead of running the esxcfg.sh on first boot, I just get the KS.cfg file to dump it in /root so I can check what is trying to be run. On inspecting this the encrypted passwords are not the same characters that I have written into my KS.cfg file... It looks like the $ symbol is being interpreted as something else, maybe a variable(?) and hence none of my password are working.

In my KS.cfg file I will have the line:

/usr/sbin/useradd -m -d /home/test1 -p `$1$dOyYrUdr$zl1eIZgsxwGlhylSXdDqd.` -G wheel -c "Test1 Account" test1

However this will get written to my esxcfg.sh as:

/usr/sbin/useradd -m -d /home/test1 -p "." -G wheel -c "Test1 Account" test1

and hence my password isnt recognised.

Please can someone tell me how can I get the password interpreted correctly?

Thanks

Dryv

lamw · ‎02-17-2011

You need to pass the encrypted hash as a literal string, use ==>>'<<== (single quote) instead of ==>>`<<== (tick)

e.g.

/usr/sbin/useradd -m -d /home/test1 -p '$1$dOyYrUdr$zl1eIZgsxwGlhylSXdDqd.' -G wheel -c "Test1 Account" test1

Dryv · ‎02-17-2011

Hey Lamw

how are you?

I tried that... did not like it... right now I am trying a \ in front of the $'s

so it looks like this:

/usr/sbin/useradd -m -d /home/test1 -p '\$1\$dOyYrUdr\$zl1eIZgsxwGlhylSXdDqd.' -G wheel -c "Test1 Account" test1

Dryv · ‎02-18-2011

this didnt work either... so I have tried wrapping the password around ====>"encrypted password"<==== and ====>'encrypted password' and also tried putting a ===>\<==== in front of any $ in the encrypted password... it still doesnt get written correct to the esxcfg.sh file created by KS.cfg

any other ideas?

lamw · ‎02-18-2011

That should work, so try running it on an ESX host that's already been provisioned and you'll see that it works. Regarding embedding this into a kickstart, are you putting this in %post section or %firstboot?

Dryv · ‎02-18-2011

lamw,

i agree that should work. If I cut and paste the lines from my script directly into an esx host the commands work fine becuase the encypted password gets copied exactly without any character corruption... corruption happens when the kix script tries to write it out to the esxcfg.sh script.... when I check the esxcfg.sh script post build (as i dump it to my filesystem) I actually see different characters in the encrypted password section :smileyconfused:

... the commands are in the %post section

lamw · ‎02-22-2011

I just quickly verified this works by putting this in the %post section of the kickstart:

%post --interpreter=bash

/usr/sbin/useradd -m -d /home/test1 -p '$1$dOyYrUdr$zl1eIZgsxwGlhylSXdDqd.' -G wheel -c "Test1 Account" test1

This was validated on ESX 4.1 and it should work for all versions of classic ESX, there's nothing special about this command. I would recommend you double check to make sure it's in the right place, it should not be echo'ed out to another script for execution/etc since you did mentioned something of that nature in one of your replies.

Dryv · ‎02-22-2011

Hye lamw,

Its funny you mention this... just this evening I was playing about with this and thought it had something to do with this...

So, when it wasnt working this section was set to:

%post --interpreter=bash
##############################################
#!/bin/bash

but when I set it to:

%post
##############################################
#!/bin/sh

it worked... i'm quite confused by this, would like to understand why, as I dont have a background in scripting...

All

Encrypted User Password in KS.cfg