I’m a part-time admin for a site with about 10 full-time users & various other 'occasionals’ such as accountants, interns etc. We use (amongst other things) Scalix CE & Samba, with Windows clients.
In my absence the office administrator is expected to create new accounts, which under my direction hitherto involved:
[1] Getting a secure password using a web-based generator
[2] Creating the UNIX & Samba user using Webmin.
[3] Creating the Scalix user using SAC
Whilst this process is straightforward enough for readers here, there were several important issues:
+ Even a restricted webmin account presents a bewildering number of options to the operator & makes tasks like putting a user into groups a fiddle of ctrl-clicking.
+ It wasn’t possible to enforce consistency of account details. For example, we would end with accounts with proper case user IDs that would function in Windows but not (unless typed correctly!) in Scalix. Another gotcha was that the office admin had to remember to edit the Auth ID to remove the '@domain' part since we're a small site & that part was just bother for users. It didn't always happen...
+ New passwords scribbled on scraps of paper would be mislaid...
+ The overall process was cumbersome.
With this in mind and wishing to improve my somewhat minimal shell scripting skills, I created a script that would gather the required information from the operator & create the various accounts itself.
I’m putting it up in case it’s useful to someone else & also in the hope it’ll receive some peer-review. I’m very willing to make improvements & add feautures (up to point, bearing in mind the whole idea is kee things simple).
http://www.redcircleit.com/public/projects/usercreate/
Now, I’ve tested the script quite extensively using my test rig and the production setup and I can’t see any way that it could hose your system, BUT I can’t make any warranty to that effect.
++Use at your own risk!++
BTW, I'd like to GPL the code but since it contains a small amount of someone else's (made available on the web) I haven't yet.
For those interested, this is the way I’ve set up things for our Office admin:
There’s an ‘officeadmin’ UNIX account that’s separate from her usual Scalix/Samba account.
The 'officeadmin' user is allowed to run the script as root with no password using sudo.
There’s a saved PUTTY session on her PC that SSHs into the server as 'officeadmin' and automatically runs the script.
There’s a shortcut to PuTTY on her desktop that automatically loads the above session.
As a further bit of security SSHD is configured to only allow the 'officeadmin' user to connect from the LAN.
With this setup our office Admin can click the shortcut, enter the password, follow the prompts & create a user.
Best regards,
Ben Tisdall
RedCircle IT Ltd
London