VMware Cloud Community
emmar
Hot Shot
Hot Shot
Jump to solution

Scripted Build, additional user with encrypted password

Hi all,

I'm in the process of creating a scripted build for ESX 3.5 U2.. as part of my script i want to create an additional SC account, currenlty i create the account with plaintext password and then re-enable the account like so:

useradd newaccount -p "plaintextpassword"

passwd newaccount -u

i am able to get an encrypted password string using /sbin/grub-md5-crypt but i'm not sure how to put this into the script... if i do this it doesnt work

useradd newaccount -p '$1233445878900ETCETC'

Any ideas?

Thanks

Emma

Reply
0 Kudos
1 Solution

Accepted Solutions
dinny
Expert
Expert
Jump to solution

Hi Emma,

Because you are running the command in a script (as opposed to interactively) - then the $ characters in the encrypted password will be interpreted wrongly.

So to get:

useradd -p '$1$9kldl$wOXyCckxGWBHb5lImhQj50' vAdmin01

you would need to put:

useradd -p '\$1$9kldl\$wOXyCckxGWBHb5lImhQj50' vAdmin01

i.e. precede all the dollars with a back slash.

(and similarly for any other strange characters in the encrypted password string)

I do the same thing in my build scripts (I use double qotes rather than single around the encrpted password - Ihave no idea if that makes a difference too - but if yours still fails with the backslashes, then try the double quotes too)

i.e. useradd -p "\$1$9kldl\$wOXyCckxGWBHb5lImhQj50" vAdmin01

Cheers

Dinny

View solution in original post

Reply
0 Kudos
19 Replies
demz
Expert
Expert
Jump to solution

Hi,

This should work... the -p option only accept encrypted passwords.

Take a look here http://communities.vmware.com/message/812568 and here http://communities.vmware.com/message/864062#864062

Reply
0 Kudos
emmar
Hot Shot
Hot Shot
Jump to solution

Hi Demz,

Do I or dont I need the ' ' around the encrypted password?

Emma

Reply
0 Kudos
cheeko
Expert
Expert
Jump to solution

Just tried what you did and it works for me. It seems that your encrypted PW is the issue.

My grub-md5-crypt always returns 31 character encrypted PWs. The super secure password 'password' gives me '$1$Y9oel$GGvxxEP68y2bRmYklXCD5.' for example.

Reply
0 Kudos
espi3030
Expert
Expert
Jump to solution

Hello,

Here is the command I use to create additional users with encrypted passwords:

/usr/sbin/useradd -m -p '$6$QJFf7ps1%bp4n7XsubwjDtAydlvy3z3' -c SecondAdmin -g users -G users -d /home/SecondAdmin -s /bin/bash SecondAdmin

This of course is not a valid password, but the syntax is correct. I created the encrypted password just as you described then cut/paste in to my post install script.

Hope this helps!

Reply
0 Kudos
cheeko
Expert
Expert
Jump to solution

You do need the ' ... with useradd/usermod.

Reply
0 Kudos
emmar
Hot Shot
Hot Shot
Jump to solution

that encrypted password was just a rubbish string i'd chuck in for this post as i couldn't be bothered to type it out!

i know the encrypted string works as i'm currently using the same one for the --rootpw variable

Reply
0 Kudos
cheeko
Expert
Expert
Jump to solution

whats not working then?

Reply
0 Kudos
emmar
Hot Shot
Hot Shot
Jump to solution

Thanks all,

The only diff i can see is in the ordering of my useradd cmd i.e i state the useraccount before the password - will change this and have another go.

Reply
0 Kudos
espi3030
Expert
Expert
Jump to solution

My post is right out of my post installation script, that I just used last week. You can also verify it's integrity by simply copying and pasting into a Service Console, I test most of my scripted commands that way. If it works via the Service Console then it will work in a script.

Reply
0 Kudos
demz
Expert
Expert
Jump to solution

That will normally not bring any changes...

It's still not working ?

Reply
0 Kudos
depping
Leadership
Leadership
Jump to solution

cool stuff,



Duncan

Blogging: http://www.yellow-bricks.com

If you find this information useful, please award points for "correct" or "helpful".

Reply
0 Kudos
emmar
Hot Shot
Hot Shot
Jump to solution

Still not working...here's an exact copy of my script - it's a bit messy at the moment!

#Create local user account and add to root group

grep ^admins: /etc/group > /dev/null || groupadd admins

grep ^%admins /etc/sudoers > /dev/null || echo %admins ALL = NOPASSWD: ALL >> /etc/sudoers

useradd -p '$1$9kldl$wOXyCckxGWBHb5lImhQj50' vAdmin01

#echo password | passwd --stdin vAdmin01

usermod -G admins vAdmin01

usermod -G root vAdmin01

#passwd vAdmin01 -u

can anyone see anything wrong with this

Reply
0 Kudos
demz
Expert
Expert
Jump to solution

Emma,

If you bypass the script and simply do a useradd -p '$1$9kldl$wOXyCckxGWBHb5lImhQj50' vAdmin01, can you login with this account ?

Reply
0 Kudos
emmar
Hot Shot
Hot Shot
Jump to solution

yes i can.... something wrong with my script :_|

Reply
0 Kudos
demz
Expert
Expert
Jump to solution

and after the usermod commands ?

dinny
Expert
Expert
Jump to solution

Hi Emma,

Because you are running the command in a script (as opposed to interactively) - then the $ characters in the encrypted password will be interpreted wrongly.

So to get:

useradd -p '$1$9kldl$wOXyCckxGWBHb5lImhQj50' vAdmin01

you would need to put:

useradd -p '\$1$9kldl\$wOXyCckxGWBHb5lImhQj50' vAdmin01

i.e. precede all the dollars with a back slash.

(and similarly for any other strange characters in the encrypted password string)

I do the same thing in my build scripts (I use double qotes rather than single around the encrpted password - Ihave no idea if that makes a difference too - but if yours still fails with the backslashes, then try the double quotes too)

i.e. useradd -p "\$1$9kldl\$wOXyCckxGWBHb5lImhQj50" vAdmin01

Cheers

Dinny

Reply
0 Kudos
emmar
Hot Shot
Hot Shot
Jump to solution

Thanks Dinny - that was it the / were needed for the dollar signs.

Thanks to all

Emma

Reply
0 Kudos
demz
Expert
Expert
Jump to solution

Dammit I didn't seen it !

Shame on me, sorry Emma Smiley Sad

emmar
Hot Shot
Hot Shot
Jump to solution

no worries! Thanks for you help.

Reply
0 Kudos