adduser

MeeLee · 09-25-2009, 06:04 AM

Hi,

I am logged in as Root, and in /etc

I try: adduser, but it says that the user already exists.

When you catpasswd, the user I am trying to add is not there.

I have tried userdel, but it comes up with a shadow error...and when you go to add him again, it still says that he exists.

The user did try logging on before he had an account added and he got a message saying "creating directories"...but then it said that "you have been locked out by administrator"

Do you know what I can do to add the user...and also stop this from happening again?

Thanks,

Lee

JamesChamberlain · 09-25-2009, 06:06 AM

Try unlocking the accountt if it's locked:

passwd -u {username}

chrism01 · 09-25-2009, 06:09 AM

Check the /etc/shadow file as well.
When you do stuff, show us the exact cmd and msgs; makes it much easier to help you.

MeeLee · 09-25-2009, 06:17 AM

Thanks.

Apologies - the exact error is:

useradd: *****exists

I can't see him in /etc/shadow either

chrism01 · 09-25-2009, 07:22 AM

This isn't a NIS or LDAP issue?

MeeLee · 09-25-2009, 07:35 AM

No no...well I don't think so??

The environment:

The server is authenticating via kerberos...LDAP. to an AD domain (with Windows DCs). The user wasn't locked out of AD...and other active directory users have been able to login to the RHEL server fine.

The fix:

I have managed to get the user to login. I tried creating the account via the "add user" tab on the GUI and was able to successfully create the account along with a home directory (even though the "useradd" command still wouldn't let me).

I then went into /etc/password and etc/shadow and manually changed the user details to match those of other users whom I wanted the account to match.

The only thing with this though, is when I created the account and new home directory, it asked to set a password. I set the password, but when the user logged in, he was able to do it via AD (which is what I want), but not via the new password I had set.

The above is what I wanted, but any ideas why this is the case (why I had to create the new password which wasn't needed anyway?)

Also, Is there anything I need to be wary of due to adding the account this round-about way?

If anyone could shed some light as to why the original issue would have occured in the first place, and how to prevent it from happening again i'd be truly grateful!

Thank you

Lee

chrism01 · 09-25-2009, 08:08 AM

LDAP is doing your authenticating, so the user already exists in the LDAP DB. That's why I asked.
The acct should only be defined in one place. The user probably used the passwd in the LDAP db.
You need to read up on krb & LDAP, if you don't already have it down pretty good. (Apologies if you do)
I used this to start learning LDAP
http://www.linuxhomenetworking.com/w...DAP_and_RADIUS

MeeLee · 09-25-2009, 08:21 AM

Quote:

Originally Posted by chrism01

LDAP is doing your authenticating, so the user already exists in the LDAP DB. That's why I asked.
The acct should only be defined in one place. The user probably used the passwd in the LDAP db.
You need to read up on krb & LDAP, if you don't already have it down pretty good. (Apologies if you do)
I used this to start learning LDAP
http://www.linuxhomenetworking.com/w...DAP_and_RADIUS

Thank you Chris.

Link appreciated. I could do with a more thorough read

Lee