Hi,
sometimes I have to add some new user on lots of ESX Server. I would like to create a command, so that I must only copy&paste the comman into my SSH session on each ESX host. I used the following command:
useradd -u 621 -G root -p PASSWORD -d /home/USER -s /bin/bash-c USERNAME USER
The problem is that the Password does not work. When I check the gui, the user is createtd. The user has shell access. Only when I change the password, I will be able to log on.
I guess the problem is that the useradd command inteprets the password as an encryptet password. So I think I have to provide the crypted passwort instead of the clear text password.
The question is how to automate it? Anybody has a script to do so?
Sorry you must also update /etc/gshadow
Or better use the following command for each user
gpasswd -a user1 wheel
Hello
Why not use some centralized mechanism like AD, NIS+, LDAP-S? Check out http://www.astroarch.com/wiki/index.php/Remote_Authentication for some possibilities and instruction.
Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll
Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links
@Lightbulb: The command sounds great but is not implement on my esx machines. Is that a package I can install from bash?
@Texiwill: The idear is also very good, but not usable in this environment. It is a shared VMware Cluster for mutliple customers. There is no acces to any Domain.
It sounds like you are using ESX without Virtual Center for hosting vm's. If that is the case I really hope you are not giving each customer the ability to manage their VM's using the VM Console directly from the ESX host.
Direct console access does not scale at all, and will quicly bring your ESX host to its knee's.
When providing console access/permissions to VM's best practice is to utilize VC and scale that server appropriately to handle the load. Your customers should also be made aware that console access is to be used only when necessary and not as a daily management console for their systems.
Hi,
we are using Virtual Center. No one of the customer´s gets access to the ESX machines or to the Virtual Center.
I am running ESX 3.5 on my test box at home and the bianary is under /usr/sbin/newusers . It is a standard Redhat command.
From the cli type:
ls -l /usr/sbin/newusers
Hi Lightbulb,
seems to work very fine. Final Question: How do I add a user to the root group?
Add users to wheel group in /etc/group
Open /etc/group in editor and append user names to wheel.
Example:
wheel:x:10:root,usrer1,user2,
This is not a best practice. For users that need some level of root access you might want to thin about sudo
Sorry you must also update /etc/gshadow
Or better use the following command for each user
gpasswd -a user1 wheel
Hello,
If you use 'usermod' the PASSWD is a md5 hashed password held within single quotes.... The single quotes are to escape the necessary characters and not part of the password
TO add a user to a group you can use 'usermod'. Or even 'groupmod'... you may not want to use gpasswd directly. THat is up to you.
If you setup a NIS server then things would also work and be separate from the domain. Personally I would have a Customer Domain most likely within a VM and a Virtualization Management Domain that a customer would never see or have access.
Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll
Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links