Adding Users and Final Use
Add users information

We did it. We finally have a fully functional network authentication system, and now it is time to add users to it. Unfortunately, this is a complex process as well. You will want to (almost have to) write some sort of scripts that automate it for you; otherwise it is simply too much work to do for every user in the system. In fact, it is so much work that the system would hardly be worth using if you had to add each user by hand.

In the future, we hope to post examples of the scripts we use for adding users and setting the passwords for the users. Until then, here are the step by step instructions for adding ONE user into the system:
  • Create a samba_user.ldif file for the user, and change the entries for: dn:, uid=username, cn=username, uid, uidNumber, gidNumber, homeDirectory, gecos, displayName, rid and primaryGroupID (using the Samba convention shown below), and profilePath. Most other entries are the same for all users, but check carefully, because I may have missed something in this list.
    • rid = (uidNumber * 2) + 1000
    • primaryGroupID = (uidNumber * 2) + 1001

      So, for uidNumber 11201, the rid would be 23402 and the primaryGroupID would be 23403. This is Samba 2.2's built-in algorithmic mapping from Unix ids to RIDs (user RIDs come out even, group RIDs odd); the primaryGroupID formula as written assumes each user's gidNumber is the same as their uidNumber, i.e. one private group per user, which is what the group step below creates.

  • Import that file using the ldapadd -x -D'cn=admin,dc=muppet,dc=cs,dc=dixie,dc=edu' -W -f samba_user.ldif command (where samba_user.ldif file is in the current working directory). You must have the LDAP admin password to do this.

  • Now create a group.ldif file for the Unix group the new user will belong to, and change the entries for: dn:, uid=username, cn=username, along with your server information. Most other entries are the same for all groups, but check carefully, because I may have missed something in this list. Also, keep in mind that the gidNumber must be the same one used in the samba_user.ldif file, and that a group has no password, so leave that entry at {crypt}x.

  • Import that file using the ldapadd -x -D'cn=admin,dc=muppet,dc=cs,dc=dixie,dc=edu' -W -f group.ldif command (where group.ldif file is in the current working directory). You must have the LDAP admin password to do this.

  • Set the LDAP password. You must first capture the password in plain text, process it with the standard Unix crypt() function, and then modify the user's LDAP entry to add the crypted string. Make sure the userPassword value starts with {crypt} before the encrypted password so the server knows which hashing algorithm is in use (Mac OS X must use crypt, which is why we use it). Use ldapmodify to change an LDAP entry. Two caveats: traditional crypt() only looks at the first 8 characters of the password and is weak by current standards, and the plain-text password should reach your script through a prompt or a pipe, not as a command-line argument, where it would show up in the process list and shell history. We hope to have better, more detailed instructions on this step soon.

  • Set the SAMBA password, using the same password as for LDAP, with the smbpasswd 'username' 'password' command. You do not have to use the same password as for LDAP, but the point is that we want users to have ONE unified account for all platforms, so we use the same password for LDAP and SAMBA. Note that a password passed as a command-line argument is visible to other users through ps and gets recorded in your shell history; smbpasswd -s username reads the password from standard input instead, which is the form to use from a script.

  • Create an empty directory on the SAMBA server at /usr/local/var/samba/profiles/username (or where ever you specified that profiles would be stored in smb.conf). You do not have to create the profile itself, SAMBA will make a default one the first time the user logs on to a Windows client.

  • Make a new directory on the NFS server at /home/username where the home directory will be stored.

  • Now copy the contents of the /etc/skel and /etc/skel.mac directories into the new user's home directory created above. The two tar pipelines below copy each directory in full, dotfiles and permissions intact:

    • # for unix
      tar -cf - -C /etc/skel . | tar -xf - -C /home/username/

    • # for osx
      tar -cf - -C /etc/skel.mac . | tar -xf - -C /home/username/

  • Now use chown to make the user the owner of the new home directory and set its group. user:group is the portable spelling; the older user.group form also works on Linux.

    • chown -R user:group /home/username
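
As an added example (not the page's own ldap_adduser.pl / ldap_passwd.pl, which the authors say are Perl), here is a shell version of the whole procedure above: it generates samba_user.ldif and group.ldif for one user with rid and primaryGroupID computed from the formulas given earlier, produces the ldapmodify input for the password step, hashes the password with crypt() as the LDAP step requires, and runs the remaining directory, skeleton and ownership steps. It goes slightly beyond the page in that primaryGroupID is derived from gidNumber, which reproduces the page's numbers whenever gidNumber equals uidNumber. The base DN and admin DN are taken from the page's ldapadd command; ou=People, ou=Group, the NetBIOS name muppet, the loginShell and the objectClass list are assumptions that must be adapted to your schema and smb.conf.

```shell
#!/bin/sh
# Added example, not the page's scripts. Base DN / admin DN come from the
# page's ldapadd command; ou=People, ou=Group, the NetBIOS server name, the
# loginShell and the objectClass list are ASSUMPTIONS for your own directory.
set -u

BASE_DN='dc=muppet,dc=cs,dc=dixie,dc=edu'
ADMIN_DN="cn=admin,$BASE_DN"
PEOPLE_OU="ou=People,$BASE_DN"       # assumed container for user entries
GROUP_OU="ou=Group,$BASE_DN"         # assumed container for group entries
PROFILE_SERVER=muppet                # assumed NetBIOS name of the Samba PDC
PROFILE_ROOT=/usr/local/var/samba/profiles
HOME_ROOT=/home

# Samba 2.2 algorithmic RID mapping, as on the page:
#   user RID  = uidNumber*2 + 1000  (even)
#   group RID = gidNumber*2 + 1001  (odd)
# With gidNumber == uidNumber this gives the page's example:
#   uidNumber 11201 -> rid 23402, primaryGroupID 23403
user_rid()  { echo $(( $1 * 2 + 1000 )); }
group_rid() { echo $(( $1 * 2 + 1001 )); }

# user_ldif <uid> <uidNumber> <gidNumber> "<full name>" -> samba_user.ldif on stdout
# userPassword is set to {crypt}* (an invalid hash) so the account stays
# locked until set_password runs; this is what lets accounts be created
# before the term starts and passwords assigned later.
user_ldif() {
  local user=$1 uidn=$2 gidn=$3 name=$4
  cat <<EOF
dn: uid=$user,$PEOPLE_OU
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaAccount
uid: $user
cn: $name
uidNumber: $uidn
gidNumber: $gidn
homeDirectory: $HOME_ROOT/$user
loginShell: /bin/bash
gecos: $name
displayName: $name
rid: $(user_rid "$uidn")
primaryGroupID: $(group_rid "$gidn")
profilePath: \\\\$PROFILE_SERVER\\profiles\\$user
userPassword: {crypt}*
EOF
}

# group_ldif <group> <gidNumber> <memberUid> -> group.ldif on stdout
group_ldif() {
  cat <<EOF
dn: cn=$1,$GROUP_OU
objectClass: top
objectClass: posixGroup
cn: $1
gidNumber: $2
userPassword: {crypt}x
memberUid: $3
EOF
}

# passwd_ldif <uid> <crypt hash> -> ldapmodify input replacing userPassword
passwd_ldif() {
  cat <<EOF
dn: uid=$1,$PEOPLE_OU
changetype: modify
replace: userPassword
userPassword: {crypt}$2
EOF
}

# Traditional crypt(3) with a random 2-character salt (the page uses crypt
# because its Mac OS X clients require it). Caveat: DES crypt keeps only the
# first 8 characters of the password. Assumes perl and a libc crypt() that
# still supports DES.
crypt_hash() {
  local salt
  salt=$(tr -dc 'A-Za-z0-9./' </dev/urandom | head -c 2)
  perl -e 'print crypt($ARGV[0], $ARGV[1])' "$1" "$salt"
}

# add_user <uid> <uidNumber> <gidNumber> "<full name>": run as root on the
# server. Numeric ids are used for chown so this does not depend on nss_ldap
# already resolving the brand-new account.
add_user() {
  local user=$1 uidn=$2 gidn=$3 home
  home=$HOME_ROOT/$user
  user_ldif "$@"                     | ldapadd -x -D "$ADMIN_DN" -W
  group_ldif "$user" "$gidn" "$user" | ldapadd -x -D "$ADMIN_DN" -W
  mkdir -p "$PROFILE_ROOT/$user" "$home"   # Samba fills the empty profile dir on first logon
  tar -cf - -C /etc/skel . | tar -xf - -C "$home"
  tar -cf - -C /etc/skel.mac . | tar -xf - -C "$home"
  chown -R "$uidn:$gidn" "$PROFILE_ROOT/$user" "$home"
}

# set_password <uid>: reads the new password from stdin so it never appears
# in ps output or shell history, then sets LDAP and Samba to the same value.
set_password() {
  local user=$1 pw
  IFS= read -r pw
  passwd_ldif "$user" "$(crypt_hash "$pw")" | ldapmodify -x -D "$ADMIN_DN" -W
  printf '%s\n%s\n' "$pw" "$pw" | smbpasswd -s "$user"   # -s: new password (twice) from stdin
}

case "${1:-}" in
  add)    shift; add_user "$@" ;;      # ./adduser.sh add bigbird 11201 11201 "Big Bird"
  passwd) shift; set_password "$@" ;;  # ./adduser.sh passwd bigbird   (then type the password)
esac
```

Splitting the work into an add subcommand and a passwd subcommand mirrors the two-script arrangement the authors describe below: the entry is created locked ({crypt}*) and only becomes usable once set_password replaces the hash and runs smbpasswd. Both ldapadd and ldapmodify still prompt for the admin password (-W), as in the page's commands.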


That should be all. With all of those steps done, the user should now have full use of the system on Linux, Windows 2000, and Mac OS X clients. As I stated above, you will most certainly want to create some form of script to automate this process, or it is just too much work. Hopefully we can have samples posted here soon.

For our system, we use two main scripts. The first one adds the user and creates the files and directories needed, but it does not set the passwords. This is done so that student accounts can be added before classes start and the passwords set later. The second script creates or modifies the user's passwords, both the LDAP and the SAMBA passwords, although that distinction is transparent to the user.

Although these are NOT the final scripts we use, and they will not provide all the functions needed, here are two template scripts to start you off with: ldap_adduser.pl and ldap_passwd.pl, both Perl scripts. You will have to modify them to work for your system, and all they do is add a basic user and set the password. They do not create the files or do the other steps.

Along with those two scripts, we have also created several others. One restores the default Mac OS X Library folder if the user messes things up. Another does the same for the Windows profile. Then there are scripts that change permissions on the public_html folder so the user can serve web pages, and another that activates PHP support for the user. There are numerous other useful features you could add as well.