Can't log in with user created from script

perryd84
Contributor II

I'm creating a user from script and it works fine. You can unlock the padlock using the account, you can switch to the account in terminal and run things BUT the account will not log in!!!

When logging in as the account it just hangs?!

#!/bin/bash

sudo dscl . -create /Users/testuser
sudo dscl . -create /Users/testuser UserShell /bin/bash
sudo dscl . -create /Users/testuser RealName testuser2
sudo dscl . -create /Users/testuser UniqueID 1050
sudo dscl . -create /Users/testuser PrimaryGroupID 1000
sudo dscl . -create /Users/testuser NFSHomeDirectory /Local/Users/testuser
sudo dscl . -passwd /Users/testuser qwerty12345
sudo dscl . -append /Groups/admin GroupMembership testuser

This is the script; it's pretty straightforward!

Does anyone know if the account needs to be added to the Apple Setup Assistant or something else!?!?


Hugonaut
Valued Contributor II

I understand you want to create the account with a script, but why not just use Jamf's Local Account Policy Payload?


AJPinto
Honored Contributor II

It is possible to create a user account from just CLI, but there is really not a reason to do it. As @Hugonaut suggested, I would just create the account with a policy. If you are going to do this with a script, look into salting (obfuscating) the password.

 

Are you creating the home directory? I don't see it in the script.

 

This is what I have used in the past. To be honest, I stopped using this a LONG time ago, but it may give you a point of reference.

 

#!/usr/bin/env bash

AccountName="Some Account Name"   # placeholder: use a short name without spaces
RealName="Some Users Name"
Password="For_the_love_of_god_obfuscate_this"

## Configure account
echo "Configuring account"
dscl . -create "/Users/$AccountName"
dscl . -create "/Users/$AccountName" UserShell /bin/bash
dscl . -create "/Users/$AccountName" RealName "$RealName"
dscl . -create "/Users/$AccountName" UniqueID "510"
dscl . -create "/Users/$AccountName" PrimaryGroupID 51
# Home path must match the short name used for the .ssh steps below
dscl . -create "/Users/$AccountName" NFSHomeDirectory "/Users/$AccountName"
sleep 10

dscl . -passwd "/Users/$AccountName" "$Password"
dscl . -append /Groups/admin GroupMembership "$AccountName"
# Create home directories for local accounts that do not have one yet
createhomedir -c > /dev/null

## Add to SSH group
echo "Adding to SSH group"
sudo dseditgroup -o edit -a "$AccountName" -t user com.apple.access_ssh

## Create .ssh folder
echo "Configuring .ssh folder"
mkdir "/Users/$AccountName/.ssh"
chmod 755 "/Users/$AccountName/.ssh"
chown "$AccountName:interactusers" "/Users/$AccountName/.ssh"

## Set recursive permissions for folder
echo "Setting recursive folder owner:group to $AccountName:interactusers"
chown -R "$AccountName:interactusers" "/Users/$AccountName/.ssh/"

 

 

 

perryd84
Contributor II

Thanks for the quick replies.
The Jamf user creation policy is no good as it has to have a password set, but in my actual script the password is being randomly generated and encoded, so Jamf's policy is no good :(

@AJPinto haven't actually seen "createhomedir -c > /dev/null" before so will check this out and see if it helps.
Looking at using sysadminctl as an alternative to dscl so will update if I manage to fix this. Cheers!

 

macinblack
New Contributor III

Using dscl is certainly a way to do this, but it's more work than you need to do. The sysadminctl command takes care of all of the annoying parts like creating the UID automatically, unless you specifically need to create the account with a specific UID. Additionally, if you needed to have a secure token generated for this account sysadminctl can do that for you too in conjunction with an existing secure token account. Also, for password encryption workflows, this might be useful too. It might not fit your precise workflow, but it's nice to have in your pocket, especially for API calls. Hope this helps.

perryd84
Contributor II

Thanks @macinblack
One thing I'm noticing when using dscl or sysadminctl is that the home folder is not created even when I specify it and the setup assistant can't be skipped which I think is where the log in is hanging.
I tested using the Jamf command "createAccount" and this works fine and has a switch to suppressSetupAssistant. Anyone know how to do this with sysadminctl and also how to create the home folder successfully?

This is the sysadminctl script I'm testing but the home folder doesn't get created.

sudo sysadminctl \
-addUser testuser \
-fullName testuser \
-shell /bin/zsh \
-password qwerty12345 \
-home /local/Users/testuser \
-admin

 

 This is the Jamf script which works perfectly but I'd rather have a script that uses mac commands and not rely on a third party.

jamf createAccount \
-username testuser \
-realname testuser \
-password qwerty12345 \
-home /private/var/testuser \
-shell "/bin/zsh" \
-admin \
-suppressSetupAssistant

 

macinblack
New Contributor III

Check out "defaults read com.apple.SetupAssistant.plist". You can change settings here to prevent Setup Assistant from running.

Perfect! Got it all working now! Thanks for the help👍🏻
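
The pieces the thread converges on (an existing primary group, a home folder that is actually created, and pre-seeded Setup Assistant preferences), combined in one script as an added example that is not code from any post above. The function names, the `DRY_RUN` switch and the Setup Assistant key names are assumptions not taken from the thread; the key set varies between macOS releases.

```shell
#!/bin/bash
# Added example, not from the thread. Defaults to a dry run that only prints
# the commands; run as root on macOS with DRY_RUN=0 to apply them.
DRY_RUN="${DRY_RUN:-1}"

run() {  # execute the command, or print it when DRY_RUN=1
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Lowest unused UID >= 501 from "name uid" lines, the format printed by
# `dscl . -list /Users UniqueID`.
next_free_uid() {
  awk '{ used[$2] = 1 } END { u = 501; while (u in used) u++; print u }'
}

create_local_admin() {  # args: shortname uid; password is read from stdin
  local user="$1" uid="$2" rec="/Users/$1" pw
  IFS= read -r pw
  run dscl . -create "$rec"
  run dscl . -create "$rec" UserShell /bin/zsh
  run dscl . -create "$rec" RealName "$user"
  run dscl . -create "$rec" UniqueID "$uid"
  run dscl . -create "$rec" PrimaryGroupID 20   # staff
  run dscl . -create "$rec" NFSHomeDirectory "/Users/$user"
  if [ "$DRY_RUN" = "1" ]; then echo "dscl . -passwd $rec <redacted>"
  else dscl . -passwd "$rec" "$pw"; fi
  run dscl . -append /Groups/admin GroupMembership "$user"
  run createhomedir -c -u "$user"               # build the home folder
}

# Pre-seed the new user's Setup Assistant preferences so the first login does
# not stop there. Key names are assumptions (commonly used, release-dependent).
skip_setup_assistant() {  # args: shortname os_version os_build
  local pref="/Users/$1/Library/Preferences/com.apple.SetupAssistant"
  run defaults write "$pref" DidSeeCloudSetup -bool true
  run defaults write "$pref" LastSeenCloudProductVersion "$2"
  run defaults write "$pref" LastSeenBuddyBuildVersion "$3"
  run chown "$1" "$pref.plist"
}

# Usage: printf '%s\n' "$PW" | ./script.sh shortname
if [ $# -ge 1 ]; then
  uid="$(dscl . -list /Users UniqueID | next_free_uid)"
  create_local_admin "$1" "$uid"
  skip_setup_assistant "$1" "$(sw_vers -productVersion)" "$(sw_vers -buildVersion)"
fi
```

Reading the password from stdin keeps it out of the script file and out of the dry-run output.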