[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/Bookworm/GettingStarted" by GuidoBerhoerster

Wed Oct 11 10:20:46 BST 2023

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.

The "DebianEdu/Documentation/Bookworm/GettingStarted" page has been changed by GuidoBerhoerster:
https://wiki.debian.org/DebianEdu/Documentation/Bookworm/GettingStarted?action=diff&rev1=4&rev2=5

Comment:
Move section on adding users on the commandline to the administration howto and add link to it

  {{attachment:reset_passwords.png|Reset passwords|width=800}}

- == Adding users from the command line ==
+ ==== Adding users from the command line ====

+ User accounts can also be added from the command line using the `ldap-createuser-krb5` tool, see the documentation in the [[DebianEdu/Documentation/Bookworm/HowTo/Administration#ldap-createuser-krb5.2C_a_command-line_tool_for_adding_users|Administration HowTo]]
- User accounts can also be added from the command line using the `ldap-createuser-krb5` tool, it is invoked as follows:
- 
- {{{
- ldap-createuser-krb5 [-u uid] [-g gid] [-G group[,group]...] [-d department] <username> <gecos>
- }}}
- 
- All arguments except the username and GECOS field are optional, the latter usually should contain the full name of the user. Unless specified the too will pick the next free UID and GID automatically and not assign any additional groups to the user. If no department is given, it will pick the first ''gosaDepartment'' from LDAP which is likely ''skole'' and for regular users usually not what you want, so you should pick an appropriate value for the user, e.g. ''Teachers'' or ''Students''.  After entering and confirming the password and entering the LDAP administrator password, `ldap-createuser-krb5` will create the user account in LDAP, set the Kerberos password, create the home directory, and add a corresponding Samba user. The following screenshot shows an example invocation to create a user account named `harhir` for a teacher hose full name is "Harry Hirsch":
- 
- {{{
- root at tjener:~# ldap-createuser-krb5 -d Teachers harhir "Harry Hirsch"
- new user password: 
- confirm password: 
- 
- dn: uid=harhir,ou=people,ou=Teachers,dc=skole,dc=skolelinux,dc=no
- changetype: add
- objectClass: top
- objectClass: person
- objectClass: organizationalPerson
- objectClass: inetOrgPerson
- objectClass: gosaAccount
- objectClass: posixAccount
- objectClass: shadowAccount
- objectClass: krbPrincipalAux
- objectClass: krbTicketPolicyAux
- sn: Harry Hirsch
- givenName: Harry Hirsch
- uid: harhir
- cn: Harry Hirsch
- userPassword: {CRYPT}$y$j9T$TWnq55O1rvyLhjF.$oVf.t.RXC1v/4Y8FhV0umno629mo7bP7/YJyig6HET6
- homeDirectory: /skole/tjener/home0/harhir
- loginShell: /bin/bash
- uidNumber: 1004
- gidNumber: 1004
- gecos: Harry Hirsch
- shadowLastChange: 19641
- shadowMin: 0
- shadowMax: 99999
- shadowWarning: 7
- krbPwdPolicyReference: cn=users,cn=INTERN,cn=kerberos,dc=skole,dc=skolelinux,dc=no
- krbPrincipalName: harhir at INTERN
- 
- ldap_initialize( <DEFAULT> )
- Enter LDAP Password: 
- add objectClass:
- 	top
- 	person
- 	organizationalPerson
- 	inetOrgPerson
- 	gosaAccount
- 	posixAccount
- 	shadowAccount
- 	krbPrincipalAux
- 	krbTicketPolicyAux
- add sn:
- 	Harry Hirsch
- add givenName:
- 	Harry Hirsch
- add uid:
- 	harhir
- add cn:
- 	Harry Hirsch
- add userPassword:
- 	{CRYPT}$y$j9T$TWnq55O1rvyLhjF.$oVf.t.RXC1v/4Y8FhV0umno629mo7bP7/YJyig6HET6
- add homeDirectory:
- 	/skole/tjener/home0/harhir
- add loginShell:
- 	/bin/bash
- add uidNumber:
- 	1004
- add gidNumber:
- 	1004
- add gecos:
- 	Harry Hirsch
- add shadowLastChange:
- 	19641
- add shadowMin:
- 	0
- add shadowMax:
- 	99999
- add shadowWarning:
- 	7
- add krbPwdPolicyReference:
- 	cn=users,cn=INTERN,cn=kerberos,dc=skole,dc=skolelinux,dc=no
- add krbPrincipalName:
- 	harhir at INTERN
- adding new entry "uid=harhir,ou=people,ou=Teachers,dc=skole,dc=skolelinux,dc=no"
- modify complete
- 
- Authenticating as principal root/admin at INTERN with password.
- kadmin.local:  change_password harhir at INTERN
- Enter password for principal "harhir at INTERN": 
- Re-enter password for principal "harhir at INTERN": 
- Password for "harhir at INTERN" changed.
- kadmin.local:  lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is deprecated
- Added user harhir.
- }}}

  == Group Management with GOsa² ==