I know this is bread-and-butter AIX admin stuff, but recorded here for quick reference.
I am assuming the server you are running this from has password-less ssh access to the remote target server, here is a quick script to do an AIX user account reset and change of password to something random.
The password set will be logged in this case to /home/troyski/reset-user.sh.log so you can advise the user.
It also checks the target user is not authenticated via AD first.
# Quick script to reset a user account
# Declare vars
progname=reset-user.sh
logfile=/home/troyski/${progname}.log
user=$1
node=$2
# Declare funcs
gen_password()
{
pass=$(dd if=/dev/urandom bs=16 count=1 2>/dev/null | openssl base64 | sed "s/[=O/\]//g" | cut -b1-8)
}
syntax()
{
logmsg "Syntax : $progname [username] [target server]"
exit 1
}
logmsg()
{
message=$1
echo "$(date) : $message" | tee -a $logfile
}
# Script starts here
logmsg ===========================================
logmsg Started
[[ $# -lt 2 || $# -gt 2 ]] && syntax
# Ping the target server to make sure it's alive & if it does check the user exists
ssh $node "lsuser $user" >/dev/null 2>&1
RC=$?
case $RC in
255) # Host did not resolve
logmsg "$node not found"
exit 2
;;
2) # User did not exist
logmsg "$user does not exist on $node"
exit 3
;;
0) # User and host ok
;;
*) # Unhandled error
logmsg "Unhandled error : $RC"
exit 4
;;
esac
# Check the user isn't auth via LDAP
check=$(ssh $node "lsuser -a registry $user")
if [[ "$check" = "$user registry=KRB5files" || "$check" = "$user registry=KRB5Afiles" ]];then
logmsg "This user auth is AD so I can't reset the password on $node"
exit 5
fi
# Reset the password to a random one and log it
gen_password
ssh $node "chuser unsuccessful_login_count=0 $user"
ssh $node "chuser login=true $user"
ssh $node "echo \"${user}:${pass}\" | chpasswd"
logmsg "Reset $user on $node to $pass"
logmsg Finished |
