cc one liner to add portal user

Hi All,

We have been playing with the AD options for users to auth in to the portal, but nothing is really working the way we need it to work, so we are looking at a simple manual add from the command line.

What I need is a one-liner from the CLI to add a basic portal local user, assign a password, assign an email address to it and put it into a portal user group.

I found this line in other forums:

confd-client.plx change_object `confd-client.plx get_objects_filtered "\$_->{data}->{name} eq \"testuser\"" | pcregrep -o REF_AaaUse[A-Za-z]*` md4hash `printf "newtapassword" | iconv -f ASCII -t UTF-16LE | openssl dgst -md4 | cut -f 2 -d \ `

but I think it's more designed to modify an admin than create a simple portal user.

If anyone has a one-liner for this that I can use to script adding bulk local portal users, it would be much appreciated.

 

cheers

 



This thread was automatically locked due to age.
  • Hi,

    Because there are tens and hundreds to be added at once, it would take forever through the GUI.

    Adding a simple portal user I do not think is any cause for concern.

  • Nathan, I don't understand why you don't just sync the users from AD.  Look at the 'Advanced' tab in 'Definitions & Users >> Authentication Services'.  What capabilities do you offer via the User Portal?

    Then again, I'm confused that you posted in the Endpoint forum - should I move this thread to a different forum?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • We went down this AD path and it worked, but the problem we have is:

    A. Not all clients have AD, so these would need to be added in manually.

    B. The problem we ran into was, say, username support: when we have 12 AD accounts all with the same username support, it is not going to work, as auth fails after the first one in the list.

    Believe me, if I could go this easy way I would, but it just isn't practical in our circumstances.

    I went down the RADIUS road too; it worked well, but the problem is with reply: we cannot reply-attribute the email addresses back to the auth mechanism, so the portal would log in the user but not contain any emails.

    So this is why I am happy enough just to generate a mailbox list through our Kaseya VSA via a PowerShell script and every week or so update the UTM via console cc. Open to suggestions, though.

  • I still don't see the big picture, Nathan:

    1. What capabilities do you want to offer via the User Portal?
    2. Are you saying that you have users with mailboxes that aren't in AD?
    3. Are you saying that you have users with the same name with different email addresses?
    4. What do you mean by:

    we have 12 AD accounts all with the same username support not going to work as it auth fails after the first one In the list.

    Shouldn't this thread be moved out of the Endpoint forum into General Discussion?

    Cheers - Bob

     
  • Hi Bob,

    That's right, we have common "usernames" across many of the ADs, for example sales, support, reception etc.

    If I enable backend sync, it will create a local user for the first site, then any subsequent syncs only update the local user with the other email address, but I've tried without sync also.

    So if the "sales" username on the second AD site in the list tries to authenticate, it fails with user and pass failed because of the "sales" username for the first AD.

    Is there a trick to make it cycle through all the AD sites until it finds a positive match on one or fails on all, and then, if there is a match, sync in the correct email address for the user portal? If this is achievable then great, I'll do it this way; I just can't see how this works.