This is a discussion on automatically creating users within the Linux Administration forums, part of the Linux Forums category.
I'm still a newbie to linux administration and I'm used to the novell/ms way of doing things, so I'm not sure about the right terminology to use here. Let me describe what I want to do.

With Windows XP Professional/2000/NT, a user needs a local account on a machine to log on to the computer. However, if the computer is networked, the user can authenticate against the active directory server and have a local account automatically created. New users can be added once on the server and the account can then log in to all client computers that point to the correct domain.

If I have a linux box, I have to create the account locally for the user to log in. I used Red Hat 9, told it to use kerberos as its authentication source and correctly pointed it at our university's kerberos servers. But in order to let a user login on the machine, I still had to type "useradd mynewuser" at the command prompt on the machine. If a user, say a student, can log in to any one of 50 different lab machines, I have to add that user to /etc/passwd on each of those 50 machines. I know there are ways to script and cron this so it happens automatically, but the other way just seems so much easier.

What I'd like to be able to do is tell the linux box that any user from a specific organizational unit in the active directory tree (or any units under it) can log in on the box. Failing that, just that any person authenticated by the university's active directory domain/kerberos servers can log in.

If this were a pure linux environment, I assume I could just link /etc/passwd and /etc/shadow to a networked share and then have 1 point for all the computers or something similar.

Can anyone help me out or point me to some good man or how-to pages?

Thanks,
jd142@hotmail.com (JS) wrote in message news:<b072334c.0307100709.4a8323fc@posting.google.com>...
> I'm still a newbie to linux administration and I'm used to the
> novell/ms way of doing things, so I'm not sure about the right
> terminology to use here. Let me describe what I want to do.
>
> With Windows XP Professional/2000/NT, a user needs a local account on
> a machine to log on to the computer. However, if the computer is
> networked, the user can authenticate against the active directory
> server and have a local account automatically created. New users can
> be added once on the server and the account can then log in to all
> client computers that point to the correct domain.
>
> If I have a linux box, I have to create the account locally for the
> user to log in. I used Red Hat 9, told it to use kerberos as its
> authentication source and correctly pointed it at our university's
> kerberos servers. But in order to let a user login on the machine, I
> still had to type "useradd mynewuser" at the command prompt on the
> machine. If a user, say a student, can log in to any one of 50
> different lab machines, I have to add that user to /etc/passwd on each
> of those 50 machines. I know there are ways to script and cron this
> so it happens automatically, but the other way just seems so much
> easier.
>
> What I'd like to be able to do is tell the linux box that any user
> from a specific organizational unit in the active directory tree (or
> any units under it) can log in on the box. Failing that, just that
> any person authenticated by the university's active directory
> domain/kerberos servers can log in.
>
> If this were a pure linux environment, I assume I could just link
> /etc/passwd and /etc/shadow to a networked share and then have 1 point
> for all the computers or something similar.

No, if this were a pure Linux environment you would use NIS or NIS+. But I understand that you are a newbie. OK newbie, there are a lot of articles out now that give a howto on this.

The theory is that you use a mix of LDAP, Kerberos and Active Directory to authenticate the users against the AD. This is a major project, having done this myself. You will learn a lot about this whole design. Good luck. Do a search on Google since you're not the only one doing this.

Chris May, LPI-C, SCSA
Systems Analyst/Unix Administrator
Columbus Hospital
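The machine in the question checked passwords against Kerberos but still needed `useradd` because account lookups (NSS) were local-only. The following is an added example, not code from the thread, that classifies a host from its `nsswitch.conf` and PAM auth file; the function names are hypothetical and the sample file contents are constructed.

```shell
#!/bin/sh
# PAM decides whether a password is valid; NSS decides whether the account
# exists at all. Both must point at the central service.

# Print the sources configured for the "passwd" database in an nsswitch.conf.
passwd_sources() {
    sed -e 's/#.*//' "$1" |
        awk -F: '$1 ~ /^[ \t]*passwd[ \t]*$/ { print $2; exit }' |
        sed -e 's/\[[^]]*\]//g' | tr -s ' \t' ' ' | sed -e 's/^ //' -e 's/ $//'
}

# Succeed if an uncommented "auth" line in a PAM file loads pam_krb5.
pam_uses_krb5() {
    sed -e 's/#.*//' "$1" |
        awk '$1 == "auth" && /pam_krb5/ { found = 1 } END { exit !found }'
}

# Classify a host. $1 = nsswitch.conf path, $2 = PAM auth file path.
diagnose() {
    sources=$(passwd_sources "$1")
    directory=no
    for s in $sources; do
        case $s in files|compat|db) ;; *) directory=yes ;; esac
    done
    if pam_uses_krb5 "$2"; then krb=yes; else krb=no; fi
    case "$krb/$directory" in
        yes/no)  echo "auth-only: Kerberos checks passwords, accounts are local-only" ;;
        yes/yes) echo "central: Kerberos checks passwords, accounts come from: $sources" ;;
        no/yes)  echo "directory-accounts-without-krb5: accounts come from: $sources" ;;
        *)       echo "local-only" ;;
    esac
}

# Constructed sample files: the first pair mirrors the situation in the question.
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files\nshadow: files\ngroup: files\n' > "$d/nss.local"
    printf 'passwd:  files ldap  # directory lookup\ngroup: files ldap\n' > "$d/nss.ldap"
    printf 'auth required pam_env.so\nauth sufficient pam_krb5.so use_first_pass\n' > "$d/pam"
    diagnose "$d/nss.local" "$d/pam"
    diagnose "$d/nss.ldap" "$d/pam"
    rm -rf "$d"
}
demo
```

An "auth-only" result is the state described in the question: a correct Kerberos password is accepted only for users who already have a local `/etc/passwd` entry.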
You should set up a telnet service and arrange the firewall so that it allows connections from the network you want to. (I think. I'm a newb too.)

"JS" <jd142@hotmail.com> wrote in message news:b072334c.0307100709.4a8323fc@posting.google.com...
> I'm still a newbie to linux administration and I'm used to the
> novell/ms way of doing things, so I'm not sure about the right
> terminology to use here. Let me describe what I want to do.
>
> With Windows XP Professional/2000/NT, a user needs a local account on
> a machine to log on to the computer. However, if the computer is
> networked, the user can authenticate against the active directory
> server and have a local account automatically created. New users can
> be added once on the server and the account can then log in to all
> client computers that point to the correct domain.
>
> If I have a linux box, I have to create the account locally for the
> user to log in. I used Red Hat 9, told it to use kerberos as its
> authentication source and correctly pointed it at our university's
> kerberos servers. But in order to let a user login on the machine, I
> still had to type "useradd mynewuser" at the command prompt on the
> machine. If a user, say a student, can log in to any one of 50
> different lab machines, I have to add that user to /etc/passwd on each
> of those 50 machines. I know there are ways to script and cron this
> so it happens automatically, but the other way just seems so much
> easier.
>
> What I'd like to be able to do is tell the linux box that any user
> from a specific organizational unit in the active directory tree (or
> any units under it) can log in on the box. Failing that, just that
> any person authenticated by the university's active directory
> domain/kerberos servers can log in.
>
> If this were a pure linux environment, I assume I could just link
> /etc/passwd and /etc/shadow to a networked share and then have 1 point
> for all the computers or something similar.
>
> Can anyone help me out or point me to some good man or how-to pages?
>
> Thanks,