Issues with creating a new user #363
Description
TL;DR
Concerning section 10.3.2 (creation of new user);
- secondary importance: should it be
--posix_groupinstead of--group? andmc-mgmt1instead ofmgmt1? IPA_GUEST_PASSWDis right? I checked inside the file/sbin/ipa_create_user.pyand actually it reads--passwdorIPA_USER_PASSWD- MAIN ISSUE: I cannot login using the password I set for the user I just created
- SECONDARY ISSUE: is there another script that delete/upgrade the user created by
/sbin/ipa_create_user.py? I didn't find a/sbin/ipa_delete_user.py, and to upgrade it I just run the/sbin/ipa_create_user.pywith the new options, getting a Warning because the user already exists
In detail
Following the documentation in section 10.3.2, I did:
[admin@mc-login1 ~]$ ssh mc-mgmt1
Last login: Mon May 26 12:24:05 2025 from <my-ip>
[admin@mc-mgmt1 ~]$ kinit admin
Password for [email protected]: # I pasted the admin password here
[admin@mc-mgmt1 ~]$ IPA_GUEST_PASSWD=test1 /sbin/ipa_create_user.py test1 --posix_group def-sponsor00
2025-05-26,12:39:56.872 INFO {ipa_create_user} [user_add] adding user test1 (Try 1 / 5)
[admin@mc-mgmt1 ~]$ kdestroy
[admin@mc-mgmt1 ~]$ sacctmgr show user withassoc name=test1 format=user,defaultaccount%-15,cluster%25,account%-15,priority,maxjobs,maxnodes,maxcpus,maxsubmit,qos%10,defaultqos
User Def Acct Cluster Account Priority MaxJobs MaxNodes MaxCPUs MaxSubmit QOS Def QOS
---------- --------------- ------------------------- --------------- ---------- ------- -------- -------- --------- ---------- ---------
test1 def-sponsor00 mc-di38toh def-sponsor00 normal
[admin@mc-login1 ~]$ sudo su - test1
Environment set up to use EESSI (2023.06), have fun!
[test1@mc-login1 ~]$ salloc -A def-sponsor00 -t 01:00 -N 1
salloc: Granted job allocation 3
salloc: Nodes mc-node1 are ready for job
Environment set up to use EESSI (2023.06), have fun!
[test1@mc-node1 ~]$So, every seems to work fine; however, I cannot login:
$ ssh -o IdentitiesOnly=yes -o PreferredAuthentications=keyboard-interactive test1@<login-ip>
(test1@<login-ip>) Password: # I try to spell "test1" 3 times
(test1@<login-ip>) Password:
(test1@<login-ip>) Password:
test1@<login-ip>: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).I tried also to use IPA_USER_PASSWD (for another user test2) and --passwd (for another user test3) instead of IPA_GUEST_PASSWD; the login now crashes after the first attempt, in both cases:
$ ssh -o IdentitiesOnly=yes -o PreferredAuthentications=keyboard-interactive test3@<login-ip> -vvv
(test3@<login-ip>) Password: # paste here "test3", i.e. the password I set with "--passwd"
debug3: send packet: type 61
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
Connection closed by <login-ip> port 22Same result for test2, the connection is closed after only 1 attempt without any useful log.