SmbLdapManagingUsers

Managing Users and Groups

We have documented a couple of different methods, so you should peruse the following to choose the one that works best for you.

Also, if you're using one of the bulk-add methods you should test with a small file of test users before you unleash it on your entire userbase with thousands of users.

Table of Contents

  1. Manage from Linux

  2. Manage from Windows

  3. Bulk-add users: Automated

  4. Bulk-add users: Semi-automated

  5. Bulk-add users: Mostly manual

  6. Bulk-add users: automatically create usernames

1. Manage from Linux: Use the smbldap toolset

You're going to need to use the smbldap-* programs to manipulate your users and groups if you want to administrate everything from a Linux box. The following are the smbldap-* commands:

  1. smbldap-groupadd
  2. smbldap-groupshow
  3. smbldap-useradd
  4. smbldap-usermod
  5. smbldap-groupdel
  6. smbldap-passwd
  7. smbldap-userdel
  8. smbldap-usershow
  9. smbldap-groupmod
  10. smbldap-populate
  11. smbldap-userinfo

You should read the online documentation ("man command", e.g., "man smbldap-groupadd") for each command to understand how it works, but here are a few common example commands:

  • smbldap-useradd -a -m moquist
  • smbldap-passwd moquist
  • smbldap-groupadd -a teachers
  • smbldap-usermod -G teachers moquist

In addition, keep in mind that you can easily create massive "shell scripts" to perform actions in bulk if you are clever with a powerful editor (such as emacs or vi) or even a spreadsheet program (such as OpenOffice Calc or MS Excel).

For example, I received this question via email:

I was wondering if there was any way when adding users in bulk if you 
could define a different logon script than startup.bat? Basically 
I need one for students and one for staff. I know you can use
./smbldap-usermod to change it, but to do that for 400-500 hundred
users is insane!!!!!!  Any help would be greatly appreciated.

The following was my response:

There isn't an easy way to do this built into the installer at this 
time.  If I were you, I would construct a file containing the correct
smbldap-usermod command for each user, and then run that as a shell
script.  You can construct this file through creative cleverness in
your spreadsheet or your editor.  It would look like this:

# Students
smbldap-usermod -E blar.bat usera
smbldap-usermod -E blar.bat userb
smbldap-usermod -E blar.bat userc
smbldap-usermod -E blar.bat userd
smbldap-usermod -E blar.bat usere

Then create a second file for the staff:
# Staff
smbldap-usermod -E blee.bat teachera
smbldap-usermod -E blee.bat teacherb
smbldap-usermod -E blee.bat teacherc
smbldap-usermod -E blee.bat teacherd

Then type 'sh yourscript' and you should be all set.

Of course, you should test the smbldap-usermod command you use on one 
user before you run it for 500 users.

If you're a vim (vi) user, and you had a text file with a list of all 
your (staff or student) usernames, you could type this vim command to
insert the shell command before each username:
:%s#^#smbldap-usermod -E yourlogin.bat #

(A loop would work as well, but just putting in a list of the same 
command for each user is more self-explanatory.)

But you'll probably just want to give it a go in Calc (or Excel...ewww.  :)
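
The loop variant mentioned in the reply, as an added example that is not part of the original e-mail or of smbldap-installer. Because the generated file is later run with sh as root, it refuses any list entry that is not a plain account name; the allowed character set (lowercase letters, digits, '.', '_' and '-') is an assumption to adjust to your own naming rules.

```sh
#!/bin/sh
# Usage: gen_usermod_script LOGON_SCRIPT < usernames.txt > yourscript
# Emits one "smbldap-usermod -E" line per username; nothing is executed here.
gen_usermod_script() {
    logon=$1
    case $logon in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "bad logon script name: $logon" >&2
            return 2 ;;
    esac
    rc=0
    while IFS= read -r user || [ -n "$user" ]; do
        case $user in
            ''|'#'*)
                continue ;;                  # blank line or comment
            -*|*[!a-z0-9._-]*)
                # Option-like names, spaces, shell metacharacters and stray
                # carriage returns from spreadsheet exports all end up here.
                echo "skipped unsafe username: $user" >&2
                rc=1
                continue ;;
        esac
        printf 'smbldap-usermod -E %s %s\n' "$logon" "$user"
    done
    return $rc
}
```

A non-zero exit status means at least one line was skipped, so review the warnings before running the generated script.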

2. Manage from Windows: Download srvtools.exe and use User Manager

This is a terrible way to manage users in bulk, but I know of Windows network administrators who enter hundreds of users by hand 'because they don't know how to automate the process'. (I have no idea why they don't spend even a whole week learning how to automate this so they can save themselves at least that much time each year they have to create new student accounts... But this is another topic.)

This is a fine way to create individual users now and then, and a fine way (perhaps the best way documented here...) to manage groups.

First you'll need to obtain srvtools.exe, which is currently here, but may move. (I just googled "srvtools.exe" and clicked on the first hit to find it.) Double-click that after you download it and you'll see USRMGR in the folder. Make sure you're logged INTO YOUR SMBLDAP WINDOWS DOMAIN as 'root' and run USRMGR. That's it!

Here's an annoying bit you'll have to remember: when you create users this way their home folders are not automatically mounted when they log into Windows. (FYI, this is because adding '-a' to the smbldap-useradd arguments in smb.conf breaks things weirdly - help and comments welcome!) This means that you have to create the new user, edit that user's profile, and specify the user's home directory. For the user 'moquist' you'd enter this if your PDC is named EXAMPLE-PDC:

Connect X: To \\EXAMPLE-PDC\homes\moquist

3. Bulk-add users: Automated (no details)

Create a file (we'll call it userinfo.start in this document and it must have this name for the fully automated method to work) with all of your users listed like this, one per line: Firstname,Lastname.

Then, if you have existing users on your network that may not be on this system already, put their usernames at the top of the file, one name per line. You might not have any existing users, of course, in which case you don't need to worry about this. You might be concerned about this if, for example, you have a Joan Smith in your accounting department and she'll probably get an account on this server eventually, but you don't want to create her account here yet, and you need to get Jim Smith's account created and you want to make sure he doesn't get 'jsmith'.

The script checks the existing usernames on this server, but it can't know what other servers you have or what usernames you've already given out on other systems, so you can list such usernames here if you want the script to avoid using them now.

Here is an example userinfo.start file:

# lines that start with the '#' sign are ignored
# existing usernames
moquist
joquist
dtrask
skossakoski
areardon
jolstad
# new users
Ralph,Wiggum
Marge,Simpson
Walt,Disney
Howard,Hughes
Donald,Duck

When you are sure your file is correct, put it in your smbldap-installer directory and call it "userinfo.start". Then cd into the directory and type './smbldap users'. For example:

mv myusers.txt /root/smbldap-installer/
cd /root/smbldap-installer/
mv myusers.txt userinfo.start
./smbldap users

Below is an example of what you see when the script runs. Notice that you'll have an opportunity to specify a group other than the default (513 for Domain Users) if you wish and that you can specify the path of the home directory as well as the shell.

[root@localhost smbldap-installer]# ./smbldap users
/usr/bin/perl create-usernames -a -i -f userinfo.start -o userinfo.names
/usr/bin/perl smbldap-useradd-bulk -f userinfo.names -o userinfo.finish
What GID do you want these users to have by default?  [513] 526  (Here you can enter your own choice)
What home directory do you want these users to have by default?
(Your answer must contain "USERNAME".)  [/home/USERNAME] (if you wish you can change this as well)
What shell do you want these users to have by default?  [/bin/bash] (Here you can change the shell)

Citizen, Kane, ckane, 526, /bin/bash, /home/ckane, pir82tux (This is the output; it is stored in "userinfo.finish")
James, Bond, jbond, 526, /bin/bash, /home/jbond, nee72too
chmod 600 userinfo.finish
[root@localhost smbldap-installer]#

After the script is done, all the information about your users (including their USERNAMES AND PASSWORDS) will be in "userinfo.finish" in your smbldap-installer directory. You should save this file somewhere else so you have access to it...

4. Bulk-add users: Semi-automated (more details)

There are two scripts in the smbldap-installer directory to help you add users in bulk: create-usernames and smbldap-useradd-bulk. create-usernames is helpful to generate a unique username for each of your users, and smbldap-useradd-bulk adds users to the system, generating randomized passwords if you wish.

To use these scripts, you will need to create and/or manipulate a list of users as is described in Method 1, above.

Note: Depending on how you downloaded the script you may need to set the executable bit for the scripts. Do this by typing the following in a terminal:

chmod a+x smbldap-useradd-bulk
chmod a+x create-usernames

1. Execute create-usernames on your userinfo file (userinfo being your list of users in the format of "Firstname,Lastname") and put the output in userinfo.names:

cd smbldap-installer
./create-usernames -a -f userinfo -o userinfo.names

The format of userinfo.names at this point should be something like this:

Bob,Stanley,bstanley
Copper,Trask,ctrask
Derek,Lowe,dlowe
Janet,Jackson,jjackson
Johnny,Damon,jdamon
Jason,Jackson,jajackson

If any users could not be assigned unique usernames (for some strange reason), this will be indicated at the end of the file.

2. Execute smbldap-useradd-bulk on userinfo.names, and PUT THE OUTPUT in userinfo.finish:

./smbldap-useradd-bulk -f userinfo.names -o userinfo.finish

3. At this point, your system should have all your users added, and the userinfo.finish file will have a record of all their usernames and passwords. MAKE A COPY OF THIS FILE IMMEDIATELY!

4. The userinfo.finish file will also have output at the end indicating any errors it encountered during processing. If you have any of those, you can try adding the users yourself with the commands for smbldap-tools. Briefly, they are something like this: (first you must go to /opt/IDEALX/sbin/)

./smbldap-useradd -a -m -g GID -c "Firstname Lastname" username
./smbldap-passwd username

Important NOTE! The smbldap-useradd-bulk script is actually very smart. For example, if you wish to use a different group ID (GID; the default is 513, which is the Domain Users group) you can specify it when the script executes, or with the -g option (see example below). You can also have the script generate random, but memorable passwords for you OR you can specify a default password for all (see example). More specific options are also outlined in the next section.

Common Examples:

To specify a specific group ID (GID) for a group you have created (see Step 19 above). In this example we'll use the GID of 525.

./smbldap-useradd-bulk -g 525 -f userinfo.names -o userinfo.finish

In this next example we'll specify a specific password ("login") for ALL users by using the -p switch.

./smbldap-useradd-bulk -g 525 -p default=login -f userinfo.names -o userinfo.finish

There are a multitude of usage options. If you are an advanced user you can type ./smbldap-useradd-bulk -h to see all the usage options. You can do the same for ./create-usernames -h
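
A check worth running on userinfo.finish after a bulk add, as an added example that is not part of smbldap-installer: it confirms the file is still mode 600 and lists accounts that share a password, which is what every account does after a "-p default=..." run. It assumes rows look like the sample run earlier on this page (seven fields separated by ", " with the password last).

```sh
#!/bin/sh
# Succeeds only if the file is readable and writable by its owner alone (mode 600).
finish_mode_ok() {
    case $(ls -ld -- "$1") in
        -rw-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# One line per password used by more than one account: "<count> user1 user2 ...".
# The password itself is never printed. Rows without 7 fields (such as the
# error report at the end of the file) are ignored.
shared_passwords() {
    awk -F', *' '
        NF == 7 { users[$7] = users[$7] " " $3; count[$7]++ }
        END { for (p in count) if (count[p] > 1) print count[p] users[p] }
    ' "$1" | sort
}

# Report both problems; the exit status is non-zero if either is found.
audit_finish() {
    status=0
    if ! finish_mode_ok "$1"; then
        echo "WARN: $1 is not mode 600" >&2
        status=1
    fi
    shared=$(shared_passwords "$1")
    if [ -n "$shared" ]; then
        echo "WARN: accounts sharing a password (count, usernames):" >&2
        echo "$shared" >&2
        status=1
    fi
    return $status
}
```

Accounts reported here should be made to change their password at first use, or be re-issued individual passwords with smbldap-passwd.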

5. Bulk-add users: Mostly manual (lots of details)

Matt has included a script for adding users in bulk as part of the smbldap-installer. (thanks Matt!) You can find this script in the same folder as the original installer script (see the beginning of this document). The directory is smbldap-installer. The name of this script is smbldap-useradd-bulk.

There are essentially two parts to this script, plus one more part that belongs to you. They are the actual script... smbldap-useradd-bulk...the userinfo.names file (where the actual text of all your users lives) and your original list of users. First, you will need to create and/or manipulate a list of users that will eventually end up in the format of 'Firstname,Lastname,username,gid,shell,home,quota,password' ('John,Doe,jdoe,525,/bin/bash,/home/jdoe,modeluser,secret' where 'modeluser' is a previously-created user with the correct quota settings). You may do so by creating the list by hand, or by using a spreadsheet program to create your userlist:

There are many ways to manipulate this original file. If you currently have a system which has all of your current users or if you have something like an employee database or SIS (Student Information System) that can export the data into text format then you have half the battle won. Next it's a matter of importing that data into a spreadsheet program such as Excel, OpenOffice Calc, or Gnumeric so you can manipulate it.

A       B          C        D  E           F       G  H    I
Blake   Addy       5551212  B  baddy       Unique  ,  525  Blake,Addy,baddy,525,5551212
Joshua  Affleck    5551212  J  jaffleck    Unique  ,  525  Joshua,Affleck,jaffleck,525,5551212
Shen    Allen      5551212  S  sallen      Unique  ,  525  Shen,Allen,sallen,525,5551212
Willie  Allen      5551212  W  wallen      Unique  ,  525  Willie,Allen,wallen,525,5551212
Tyler   Armstrong  5551212  T  tarmstrong  Unique  ,  525  Tyler,Armstrong,tarmstrong,525,5551212
Zayla   Aubuchon   5551212  Z  zaubuchon   Unique  ,  525  Zayla,Aubuchon,zaubuchon,525,5551212

In the sample above I use two formulas that are very helpful. One identifies whether or not the username in the 5th column is Unique or if it's a Duplicate (thus you need to change it as you cannot have two usernames the same) and that formula looks like this:

=IF(COUNTIF($E$1:E500,E500)>1,"Duplicate","Unique")

Change the part where $E$1 is to reflect the number of the cell where your usernames are.

The other formula is the one which puts all of the necessary cells together to give me the format I need. It looks similar to this:

=A1&G1&B1&G1&E1&G1&H1&G1&C1 (Where G1 is the column with the commas)

Once you've got the formula done once you can simply AutoFill down to do the whole list. Very easy!

Two other helpful formulas are the ones that enable you to isolate the first initial. That one is

=LEFT(A1,1)

(this basically says to take the first letter from the left in cell A1. If you want the first two letters, change the last "1" to a "2" and so forth)

And the other helps combine the first initial and the last name in all lower case:

=LOWER(E1&B1)

Once you have your master list ready:

Now you are ready to create the userinfo.names file and run the script.

First, let's create the userinfo.names file. If using the GUI...type (you need to be in the smbldap-installer directory):

gedit userinfo.names

Once it's open, copy and paste the text from your spreadsheet with the information in the format of

Firstname,Lastname,username,gid,shell,home,quota,password

into the userinfo.names file you have open in gedit. Save it; again, make sure that it's going to the same directory that the smbldap-useradd-bulk script is in.

Note: If you wish to use the default shell, home, and/or quota, leave these blank in the format of Firstname,Lastname,username,gid,,,,password

Now, to run the script, type:

./smbldap-useradd-bulk -f userinfo.names -o userinfo.finish

Note: The command above takes the user information in the file userinfo.names, adds it to the server, and then outputs the information to a file called userinfo.finish. The userinfo.finish file can be printed for reference as a list of users and passwords.

Sit back and marvel at the magic Matt has created! (Matt asked me to give myself some credit as he modified my original script to create the smbldap-useradd-bulk script *blush*)

Note: Depending on how you downloaded the script you may need to set the executable bit for the smbldap-useradd-bulk script. Do this by typing:

chmod a+x smbldap-useradd-bulk

Additional Notes:

Unlike the last method, in this method we are creating our userinfo.names file manually, and completely. (By the way, I'd like to point out that the name "userinfo.names" is simply a filename we chose for the purposes of this documentation...you can use whatever filename you wish.) I'd like to point out that the smbldap-useradd-bulk script is quite smart. You may wish to let the script use the default GID or perhaps you'd like to generate passwords for some or all of your users. As noted above the userinfo.names file needs to be in the format of Firstname,Lastname,username,gid,password, but if either or both of the gid and password fields are left blank, the smbldap-useradd-bulk script will generate them for you. An example might be John,Doe,jdoe,525 (this will generate the password for you) or perhaps John,Doe,jdoe,,secretpw (this will use the default GID). An example of a scenario where you might use this: let's say you have a school with grades K-8. You may want the kids in kindergarten and first grade to have a default password that you assign in userinfo.names and have the script generate passwords for the older students.

6. Bulk-add users: automatically create usernames

Matt has also created a very cool script (this one is all his, and it's very cool) called create-usernames. One of the biggest challenges for any network administrator is making sure all the users have "unique" usernames. It is not possible for two users to have the same username. This script will take a text file of Firstname and Lastname and create a file of unique usernames for you. The table below shows how you could use a spreadsheet to generate the Firstname,Lastname format.

A       B          C  D
Blake   Addy       ,  Blake,Addy
Joshua  Affleck    ,  Joshua,Affleck
Shen    Allen      ,  Shen,Allen
Willie  Allen      ,  Willie,Allen
Tyler   Armstrong  ,  Tyler,Armstrong
Zayla   Aubuchon   ,  Zayla,Aubuchon

The formula to create the text in the last column is:

=A1&C1&B1 (Where C1 is the column with the commas)

In this example you'll notice all we have are the Firstname, Lastname and that's it. No username is included because we'll be generating those using the create-usernames script. Paste the text from the last column into a file such as userinfo.start. Then run the following command to append the username (-a) to the file and output the text to a file named userinfo.output.

./create-usernames -a -f userinfo.start -o userinfo.output

The output from the text indicated in the table above would look like this

Blake,Addy,baddy
Joshua,Affleck,jaffleck
Shenandoah,Allen,sallen
Willie,Allen,wallen

In the example below you'll see that I have added the GID and the passwords using a spreadsheet and formula by using the text from the userinfo.output file.

A                           B         C  D    E
Blake,Addy,baddy            secretpw  ,  525  Blake,Addy,secretpw
Joshua,Affleck,jaffleck     secretpw  ,  525  Joshua,Affleck,secretpw
Shen,Allen,sallen           secretpw  ,  525  Shen,Allen,secretpw
Willie,Allen,wallen         secretpw  ,  525  Willie,Allen,secretpw
Tyler,Armstrong,tarmstrong  secretpw  ,  525  Tyler,Armstrong,secretpw
Zayla,Aubuchon,zaubuchon    secretpw  ,  525  Zayla,Aubuchon,secretpw

To use a formula in a spreadsheet to generate the text in the last column, refer to the example below.

=A1&C1&D1&C1&B1 (Where C1 is the column with the commas)

Once you have your master list ready, cut and paste the text in the last column to a file called userinfo.names. Make sure it is saved in the smbldap-installer directory. Now you can run the smbldap-useradd-bulk script to add the users to your system...run the command below:

./smbldap-useradd-bulk -f userinfo.names -o userinfo-final

The userinfo-final file will also have output at the end indicating any errors it encountered during processing. If you have any of those, you can try adding the users yourself with the commands for smbldap-tools. Briefly, they are something like this: (first you must go to /opt/IDEALX/sbin/ )

./smbldap-useradd -a -m -g GID -c "Firstname Lastname" username
./smbldap-passwd username

I'd like to point out that the name "userinfo.names" is simply a filename we chose for the purposes of this documentation...you can use whatever filename you wish.

Example:

./smbldap-useradd-bulk -f students-input-master -o students-master-w-passwords

A note about the create-usernames script:

The create-usernames script is nice because it will automatically generate unique usernames for you by going to the next letter in the Firstname if necessary. Example: if you have Mickey Mouse, Mary Mouse, and Minnie Mouse, the following usernames will result:

mmouse
mamouse
minmouse

See my sample userinfo file below. Notice that there are several users who share the same first initial and last name, thus the create-usernames script generated unique usernames for each.

Fanny,Catt,fcatt
Fatt,Catt,facatt
Jaffrey,Mouse,jmouse
James,Mouse,jamouse
Jerry,Mouse,jemouse
Mary,Mouse,mmouse
Matt,Watt,mwatt
Mickey,Mouse,mimouse
Minnie,Mouse,minmouse
Monica,Watt,mowatt
Skinny,Catt,scatt
Tom,Cat,tcat

Please realize that there are many things you can do to manipulate and direct the way in which your files end up. You can create many user groups (for example one for each class, homeroom, grade level, or department) and also add some unique identifiers to the usernames by adding them to the last name or something like that. Bear in mind that if you need total control over usernames, GID's, and passwords then Method 3a is probably your best bet, however if you don't, the create-usernames script makes life a LOT easier.
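
A sketch of the naming rule described above, as an added example that is not the create-usernames script itself. The rule is inferred from the sample output on this page: names are handled in file order, each gets first initial plus last name, and one more first-name letter is added per collision. Reducing usernames to a-z and 0-9 is an extra assumption.

```sh
#!/bin/sh
# Input on stdin uses the userinfo.start layout from this page:
#   '#' lines are ignored, a line without a comma is a username to avoid,
#   and "Firstname,Lastname" is a new user.
# Output: "Firstname,Lastname,username"; names that could not be given a
# unique username are listed at the end.
make_usernames() {
    awk -F, '
        { sub(/\r$/, "") }                         # tolerate CRLF spreadsheet exports
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        NF == 1 { taken[tolower($1)] = 1; next }   # username already in use elsewhere
        {
            first = $1; last = $2; name = ""
            for (n = 1; n <= length(first) && name == ""; n++) {
                cand = tolower(substr(first, 1, n) last)
                gsub(/[^a-z0-9]/, "", cand)        # drop spaces, apostrophes, hyphens
                if (cand != "" && !(cand in taken)) name = cand
            }
            if (name == "") { failed[++nfail] = first "," last; next }
            taken[name] = 1
            print first "," last "," name
        }
        END { for (i = 1; i <= nfail; i++) print "# no unique username: " failed[i] }
    '
}
```

Because assignment depends on file order, re-running it on a re-sorted list can hand an existing username to a different person, so keep the generated file as the record of who received which name.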

SmbLdapManagingUsers (last edited 2008-08-06 16:22:22 by localhost)