To clarify for the benefit of everyone, with High Sierra you need an admin account which has a Secure Token in order to add a Secure Token to any other account. As djstix has no account with a Secure Token - it is catch22.
Whilst it does not solve the problem Richard Trouton's article on the Der Flounder link provided by Barney-15E is the best explanation of the problem.
Since as per Richard's article and other sources the various command line approaches cause rather than solve the problem there is no point looking at options like using dscl to create a fresh admin account. What might be worth trying is the suggestion listed in the second link provided by Barney-15E which is to cause the Setup Assistant to be re-run.
The Setup Assistant wizard which normally runs as part of a fresh macOS install includes a step to create the first user account on a Mac and this will normally be both an admin and Secure Token enabled account. Whilst this Setup Assistant only normally runs once as part of a fresh install you can trick your Mac in to running it again by doing the following.
- See - http://www.theinstructional.com/guides/how-to-re-run-the-os-x-setup-assistant
- As per the above but adapted for the newer High Sierra - boot from the Recovery Partition
- Run the Terminal utility from the Utilities menu
- Type rm "/Volumes/Macintosh HD/var/db/.AppleSetupDone"
- Quit Terminal
- Select Restart from the Apple menu
Note: I believe that /var/db is normally protected by Apple's SIP so you need to boot from the Recovery Partition to get round this.
When you boot this time it should hopefully re-run the Setup Assistant and allow you to create a new user account. You would then login as this new user and (hopefully) use it to add a Secure Token to all your other user accounts.
If this approach does not work then I feel you will need to backup your data and reinstall everything from scratch.
