TJ CSL
  • TJ CSL
  • Services
    • Ion
      • Development
        • Overview
        • Setup
          • Docker Setup
          • Vagrant Setup
        • Environment
        • Fixtures
        • PR Workflow
        • Style Guide
        • Maintainer Workflow
        • Repository Maintenance
        • Data Generation
      • Production
      • User Experience
        • User Interface
    • Director
      • Development
        • Vagrant Setup
        • PR Workflow
        • Style Guide
        • Maintainer Workflow
      • Production
    • Workstations
    • Signage
      • Setup
      • Administration
      • Monitoring
      • Troubleshooting
      • Experimental
        • IonTap
        • SignageAdmin
    • Remote Access
      • Setup
      • Administration
    • Cluster
      • FAQ
      • Setup
        • SSH Setup
      • Administration
      • Slurm
      • Slurm Administration
      • Borg
    • Printing
      • Setup
      • Troubleshooting
    • WWW
      • Administration
      • Sites
        • Web Proxy
      • Setup
      • Troubleshooting
    • Academic Services
      • Tin
      • Othello
        • Administration
        • Setup
  • Technologies
    • Web
      • Nginx
      • Django
      • PHP-FPM
      • Node.js
      • Supervisord
    • DBs
      • PostgreSQL
      • MySQL
    • Authentication
      • Passcard
        • GPG Usage
      • SSHD
        • SSH Passwordless Login
      • FreeIPA
    • Storage
      • NFS
      • Ceph
        • Setup
        • Backups
        • CephFS
    • Operating Systems
      • Ubuntu Server
      • AlmaLinux
      • Debian
    • Tools
      • Ansible
      • Slack
      • GitBook
      • GitLab
        • Setup
        • Updating
    • Virtualization
      • QEMU/KVM
      • Libvirt
    • Advanced Computing
      • MPI
      • Tensorflow
    • Networking
      • Netbox
      • Cisco
      • Netboot
      • DNS
      • DHCP
      • NTP
      • BGP
    • Mail
      • Postfix
      • Dovecot
    • Monitoring
      • Prometheus
      • Grafana
      • Sentry
      • Uptime Robot
  • Machines
    • VM Servers
      • Utonium
      • Blossom
      • Bubbles
      • Buttercup
      • Antipodes
      • Chatham
      • Cocos
      • Galapagos
      • Gandalf
      • Gorgona
      • Overlord
      • Waverider
      • Torch
    • Ceph
      • Karel
      • Stobar
      • Wumpus
      • Waitaha
      • Barrel
      • Valdes
    • HPC Cluster
      • Zoidberg
    • Borg Cluster
    • Compute Sticks
    • Other
      • ASM
      • Duke
      • Snowy
      • Sauron
      • Sun Servers
        • Altair
        • Centauri
        • Deneb
        • Sirius
        • Vega
        • Betelgeuse
        • Ohare
    • Switches
      • Core0
      • Xnor
      • Xor
      • Imply
    • UPS
    • History
      • 2008 Sun AEG
      • 2011 Sun Upgrades
      • 2017 VM Disaster
      • 2018 Purchases
      • 2018 Cephpocalypse
    • VLANs
    • Remote Management
      • iLO
      • LOMs
    • Understudy
      • Switch Configuration
      • Server Configuration
        • Setting Up the Operating System
        • Network Configuration
        • Saruman
        • Fiordland
  • General
    • Sysadmins List
    • Organization
    • Documentation
      • Security
      • Runbooks
    • Communication
      • Terminology
    • Understudies
    • Account Structure
    • Machine Room
    • Branding
    • History
      • Fridge
      • The Brick
  • Procedures
    • Data Recovery
    • Account Provisioning
    • tjSTAR
      • Tech Support
    • Onboarding
      • New Sysadmin Onboarding
  • Guides
    • VM Creation
    • sshuttle Usage
    • Linux Wifi Setup
    • VNC Usage
    • Password Changes
    • Sun Server RAID Configuration
  • Policies
    • Data Release Policy
    • Upgrade Policy
    • Account Policy
    • Election Policy
  • Obsolete
    • Arcturus
    • Chuku
    • Cray SV1 Supercomputer
    • Ekhi
    • Mihr
    • Moloch
    • Sol
    • Rockhopper
    • Kerberos
    • LDAP
    • Agni
    • Moon
    • Apocalypse
    • AFS
      • OpenAFS
      • Setup
      • Client Setup
      • Administration
      • Troubleshooting
      • Directory Structure
      • Backups
      • Cross-Cell Authentication
    • Observium
    • OpenVPN
Powered by GitBook
On this page
  • Unix accounts
  • Manual Provisioning
  1. Procedures

Account Provisioning

Even though we have integrated authentication for accounts, user provisioning still needs to occur in every system independently.

Unix accounts

We have a script called create_user.sh that provisions all necessary accounts. It takes the username. first name. and last name as the arguments.

It:

  • Generates an LDIF

  • Export the LDIF

  • Adds the LDIF to openldap1

  • Creates an AFS home directory

  • and resets the Kerberos principal password to the default

Manual Provisioning

Use of the manual steps is not recommended.

Creating AFS User

First, you need to create an AFS user account. Make sure you are authenticated with your /admin principal.

pts createuser <username>

The command should give an output similar to:

User <username> has id 12345678

If the user already has an AFS user account, run the following command in order to obtain an ID.

pts examine <username>

Creating LDAP User

ldapadd -h openldap1 -Y GSSAPI -f <ldif file>

Below is an example LDIF file. Make sure you replace first name, last name, uidNumber, and graduation year!

dn: uid=2017ewang,ou=2017,ou=students,ou=people,dc=csl,dc=tjhsst,dc=edu
cn: Eric Wang
description: 2017
displayName: Wang, Eric
givenName: Eric
uid: 2017ewang
sn: Wang
objectClass: inetOrgPerson
objectClass: top
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
uidNumber: 00000000
gecos: Eric Wang
gidNumber: 2017
homeDirectory: /afs/csl.tjhsst.edu/students/2017/2017ewang
loginShell: /bin/bash

Adding AFS Volume

cd /afs/csl.tjhsst.edu/.students/.20XX/
vos create -server openafs3 -partition vicepa -name 20XX.<username> -maxquota 1048576
vos backup 20XX.<username>
fs mkmount <username> 20XX.<username>
fs mkmount <username>/yesterday 20XX.<username>.<backup>
fs sa <username> <username> rlidwka
vos release students.20XX
PreviousData RecoveryNexttjSTAR

Last updated 5 years ago

Next, you need to add the account to LDAP. First, generate an LDIF file using the guide at . Run the command below after you have created an LDIF file.

NSS LDAP Templates