Hi there,
I have a Mac Server running 10.3.8. I know I can use the WorkGroup Manager (WGM) to create user accounts but I need to be able to create more than 100 accounts and I have no desire to do this via the GUI. Is there a simple way via a script/command line?
I did try to use dsimportexport but later learned from other forums that this tool is broken. They suggested using dscl which seems to do the trick. Basically, I am trying to do exactly what WGM does except via command line tools. I tried
dscl . create /Users/username
followed by multiple creates to add all of the other user properties like HomeDirectory, uid etc. I later realised that the datasource was incorrect as '.' was local to the server and I needed the accounts to be created in the network directory. So, I changed the datasource to
dscl -u admin -P admin-password /LDAPv3/127.0.0.1 create /Users/username ...etc
So far so good. I compared this to an account I created via WGM and found that many properties were missing. I simply strung together more "create" commands to fix this. The only thing I cannot get to work now is setting the users password. In the "Advanced" tab of WGM the password option is set to "Open Directory" by default. If I use,
dscl -u admin -P admin-password /LDAPv3/127.0.0.1 passwd users_password
I get a crypted password. So, it looks like the passwords are managed by PasswordServices via mkpassdb. It's worth mentioning too that the command line options to mkpassdb don't match those in the man page. Anyway, I then tried
mkpassdb -b -u username -p users_password
which successfully created a non admin user in the password database. However, if I look at my new user via WGM I still find that their password (in the Advanced Tab) is still set to "Crypted Password". Any ideas?
Please let me know if I am going about this the wrong way. I am a unix admin and am not familiar Mac OS X. Also, I don't think it's a very good idea that you have to specify the admin password on the command line. You would think that if you are logged in as the admin user then a password would not be necessary. I also don't like the idea of putting the admin password inside a script.
Cheers,
Mike
I have a Mac Server running 10.3.8. I know I can use the WorkGroup Manager (WGM) to create user accounts but I need to be able to create more than 100 accounts and I have no desire to do this via the GUI. Is there a simple way via a script/command line?
I did try to use dsimportexport but later learned from other forums that this tool is broken. They suggested using dscl which seems to do the trick. Basically, I am trying to do exactly what WGM does except via command line tools. I tried
dscl . create /Users/username
followed by multiple creates to add all of the other user properties like HomeDirectory, uid etc. I later realised that the datasource was incorrect as '.' was local to the server and I needed the accounts to be created in the network directory. So, I changed the datasource to
dscl -u admin -P admin-password /LDAPv3/127.0.0.1 create /Users/username ...etc
So far so good. I compared this to an account I created via WGM and found that many properties were missing. I simply strung together more "create" commands to fix this. The only thing I cannot get to work now is setting the users password. In the "Advanced" tab of WGM the password option is set to "Open Directory" by default. If I use,
dscl -u admin -P admin-password /LDAPv3/127.0.0.1 passwd users_password
I get a crypted password. So, it looks like the passwords are managed by PasswordServices via mkpassdb. It's worth mentioning too that the command line options to mkpassdb don't match those in the man page. Anyway, I then tried
mkpassdb -b -u username -p users_password
which successfully created a non admin user in the password database. However, if I look at my new user via WGM I still find that their password (in the Advanced Tab) is still set to "Crypted Password". Any ideas?
Please let me know if I am going about this the wrong way. I am a unix admin and am not familiar Mac OS X. Also, I don't think it's a very good idea that you have to specify the admin password on the command line. You would think that if you are logged in as the admin user then a password would not be necessary. I also don't like the idea of putting the admin password inside a script.
Cheers,
Mike