A system user is required to access many services provided by NethServer Enterprise (email, shared folders, etc..).
Each user is characterized by a pair of credentials (user and password). A newly created user account remains locked until it has set a password. A blocked user can not use the services of servers that require authentication.
Cuando se crea un usuario, los siguientes campos son obligatorios.
Optional fields:
Just after creation, the user is disabled. To enable the user, set a password using the Change password button. When a user is enabled, the user can access to the Server Manager and change his/her own password: Change user password.
Un usuario puede ser agregado a uno o mas grupos de la pagina Usuarios o de la pagina Grupos .
Sometimes you need to block user’s access to service without deleting the account. This behavior can be achieved using the Lock and Unlock buttons.
Nota
Cuando se elimina un usuario, también se eliminarán todos los datos del usuario.
After creation a user can be enabled only to some (or all) services. This configuration can be done using the Services tab page.
A group of user can be used to assign special permissions to some users or to create email distribution lists.
As for the users, a group can be enabled to some (or all) services.
Truco
For delegating permissions to the Server Manager, use the groups managers or administrators.
Two special groups can be created, the users who belong in one of these groups are granted access to the panels of the Server Manager
The Users page has one default entry: admin. This account allows access to the Server Manager with the same permissions of the root account. It is initially disabled and has no access from the console.
Truco
To enable admin account set its password.
Where applicable, the admin user also is granted special
privileges on some specific services, such as joining a
workstation in Samba domain.
El sistema proporciona la capacidad de establecer restricciones en la contraseña complejidad y expiración.
Password policies can be changed from web interface after installing nethserver-password module.
The password complexity is a set of minimum conditions that password must match to be accepted by the system: You can choose between two different management policies about password complexity:
La directiva strong requiere que la contraseña cumpla con las siguientes reglas:
La directiva predeterminada es: dfn:strong.
Advertencia
El cambio de las políticas predeterminadas es contraindicado. El uso de contraseñas débiles a menudo conduce a servidores comprometidos por atacantes externos.
To change the setting to none
config setprop passwordstrength Users none
To change the setting to strong
config setprop passwordstrength Users strong
Check the policy currently in use on the server
config getprop passwordstrength Users
La Caducidad de contraseña está habilitada de forma predeterminada a 6 meses desde el momento en que se establece la contraseña. El sistema enviará un correo electrónico para informar a los usuarios cuando su contraseña está a punto de expirar.
Nota
The system will refer to the date of the last password change, whichever is the earlier more than 6 months, the server will send an email to indicate that password has expired. In this case you need to change the user password. For example, if the last password change was made in January, and the activation of the deadline in October, the system will assume the password changed in January is expired, and notify the user.
If you wish to bypass the password expiration globally (also allow access for users with expired password)
config setprop passwordstrength PassExpires no
signal-event password-policy-update
To disable password expiration for a single user (replace username with the user)
db accounts setprop <username> PassExpires no
signal event password-policy-update
Below are the commands to view enabled policies.
Maximum number of days for which you can keep the same password (default: 180)
config getprop passwordstrength MaxPassAge
Minimum number of days for which you are forced to keep the same password (default 0)
config getprop passwordstrength MinPassAge
Number of days on which the warning is sent by email (default: 7)
config getprop passwordstrength PassWarning
To change the parameters replace the getprop command with setprop, then add the desired value at end of the line. Finally apply new configurations:
signal-event password-policy-update
For example, to change to 5 «Number of days on which the warning is sent by email»
config setprop passwordstrength PassWarning 5
signal-event password-policy-update
After password expiration, the user will be able to read and send mails but can no longer access the shared folders and printers (Samba) or other computer if the machine is part of the domain.
If the system is configured as a domain controller, users can change their password using the Windows tools.
In the latter case you can not set passwords shorter than 6 characters regardless of the server policies. Windows performs preliminary checks and sends the password to the server where they are then evaluated with enabled policies.
Default language for notifications is English. If you wish to change it, use the following command:
config setprop sysconfig DefaultLanguage <lang>
Example for Italian:
config setprop sysconfig DefaultLanguage it_IT.utf8
The system can import a list of users from a CSV file. The file must contain a line per user, each line must have TAB-separated fields and must respect following format:
username firstName lastName email password
Ejemplo:
mario Mario Rossi mario@example.org 112233
Make sure the mail server is installed, then execute:
/usr/share/doc/nethserver-directory-<ver>/import_users <youfilename>
For example, if the user’s file is /root/users.csv, execute following command:
/usr/share/doc/nethserver-directory-`rpm --query --qf "%{VERSION}" nethserver-directory`/import_users /root/users.csv
The command can be executed multiple times: already existing users will be skipped.
Nota
The command will fail if mail server module is not installed