
Export Users from Active Directory and Import into Linux


Exporting user accounts from Windows 2000 Active Directory and importing them into Linux



Introduction
This process is relatively straightforward and is accomplished using scripts under Windows and Linux. A VBScript run on the Windows side creates a text file containing the Windows usernames that belong to a particular Active Directory group. This text file is then accessed via Samba and used as standard input for a bash script running on the Linux box.

A global group, “LinuxAccounts,” was created on the Windows domain, and user accounts were added to this group accordingly.

For the sake of this document, the Windows domain will be referred to as example.com. RedHat Linux 7.3 is the Linux OS, and Windows 2000 SP4 is the Windows OS.

Setup on Windows
Create a standard (non-administrative) Windows account called “linux-account” and set its password. For this document, the password will be “example”. The Linux box will use this account when accessing the shared directory on the Windows machine.

On the operations master for the Windows domain (named optmast for this document), create the directory c:\exportsforlinux and share this directory as linuxaccounts. Make this share read-only, but be sure that the share and directory permissions allow read access for the account “linux-account”. Next, copy and paste the following VBScript into a Notepad document and save it in a safe location on the operations master.

Windows VBScript

Option Explicit
Dim Group
Dim GroupName
Dim GroupDomain
Dim Member
Dim List
Dim fso, ts

GroupName = "LinuxAccounts"
GroupDomain = "example.com"
' Bind to the group through the WinNT provider
Set Group = GetObject("WinNT://" & GroupDomain & "/" & GroupName & ",group")

List = "#thouz0 " 'filler so there is no blank line at the top of the file.
'this random string is to help thwart hackers since
'this will ultimately be a linux account.

' One member name per line
For Each Member In Group.Members
    List = List & vbCrLf & Member.Name
Next

' Write the list, lowercased (Linux usernames are case-sensitive), into the shared directory.
' The file name becomes example.com-LinuxAccounts.txt, which the Linux script matches with example.com*
Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.CreateTextFile("c:\exportsforlinux\" & GroupDomain & "-" & GroupName & ".txt", True)

ts.WriteLine LCase(List)
ts.Close

This script can be scheduled to run every hour or every day, or it can be run by double-clicking on it.


Setup on the Linux Box
To access Windows shares from Linux, Samba must be installed (at least the client).

Create a directory in /mnt on which the Windows share will be mounted (e.g. /mnt/windows). Then paste the following into a file (named scriptfile for this document) and put this file in the /etc/cron.hourly directory. After creating the script file, be sure to run “chmod u+x /etc/cron.hourly/scriptfile” so that crond can execute it. Because the script contains the password of linux-account, it should also not be readable by other users (e.g. “chmod 700 /etc/cron.hourly/scriptfile”).

Bash Script

#!/bin/bash
#
# This script automates the creation of Linux user accounts from a text file that contains
# members of the W2K example.com domain's "LinuxAccounts" group.
#
# Mount the share "linuxaccounts" on the operations master; stop if the mount fails so
# that nothing is imported from a stale or missing file.
mount -t smbfs -o username=linux-account,password=example //optmast/linuxaccounts /mnt/windows || exit 1
#
# Copy the export file from W2K to /tmp/newaccounts, removing the DOS carriage returns
# (\r) in the process.
cat /mnt/windows/example.com* | tr -d '\r' > /tmp/newaccounts
#
# Unmount the W2K share.
umount /mnt/windows
#
# Import the accounts, redirecting stderr to /dev/null. The home directory can be placed
# somewhere other than /home, and here the login shell is set to /sbin/nologin (useful when
# the Linux box is a mail server and you don't want users actually logging into a console
# on it). Blank lines and the "#..." filler line written by the VBScript are skipped.
while read -r USER
do
    case "$USER" in ''|'#'*) continue ;; esac
    useradd -d /home/$USER -m -s /sbin/nologin $USER 2> /dev/null
done < /tmp/newaccounts

One note about this script: the carriage returns are removed with tr -d '\r'. Another common method is sed with a literal ^M in place of \r, where ^M must be inserted in the vi editor by typing ctrl-V ctrl-M in succession. These are only two of many ways to remove DOS carriage returns; other methods can be found by searching Google Groups.
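The import loop above hands every line of the export file to useradd and discards its errors, so whatever ends up in the file on the operations master is what gets created. The following is an added example, not code from the original page: a POSIX shell filter that validates each name before useradd, assuming the file format the VBScript produces (a "#thouz0" filler line, then one lowercased username per line, CRLF line endings).

```shell
#!/bin/sh
# Added example, not code from the original page. Validates the export file
# before any name reaches useradd. Assumed input: what the VBScript above
# writes, i.e. a "#thouz0" filler line, then one lowercased Windows username
# per line, with DOS (CRLF) line endings.
# user_exists NAME: true if NAME is already a local account (getent consults
# NSS; /etc/passwd is the fallback where getent is unavailable).
user_exists() {
    if command -v getent > /dev/null 2>&1; then
        getent passwd "$1" > /dev/null 2>&1
    else
        grep -q "^$1:" /etc/passwd
    fi
}

# filter_export FILE: print only the names that are safe to create. Drops the
# filler and blank lines, rejects anything outside the portable username form
# (lowercase letters, digits, '_' and '-'; not starting with a digit or '-';
# at most 32 chars) and skips names that already exist, so an export can never
# touch root or a system account. Rejections go to stderr instead of /dev/null.
filter_export() {
    tr -d '\r' < "$1" | while IFS= read -r name; do
        case "$name" in
            ''|'#'*) continue ;;   # VBScript filler line, or blank
        esac
        if ! printf '%s\n' "$name" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'; then
            echo "rejected (bad name): $name" >&2
            continue
        fi
        if user_exists "$name"; then
            echo "skipped (already exists): $name" >&2
            continue
        fi
        printf '%s\n' "$name"
    done
}

# import_accounts FILE: create the validated accounts with the same useradd
# options as the page's script, but log failures instead of discarding them.
import_accounts() {
    filter_export "$1" | while IFS= read -r name; do
        useradd -d "/home/$name" -m -s /sbin/nologin "$name" \
            || echo "useradd failed for $name" >&2
    done
}
# Usage: scriptfile /tmp/newaccounts  (the copy made after mounting the share)
if [ $# -gt 0 ]; then
    import_accounts "$1"
fi
```

Run it as root on the copied file in place of the for/while loop; the stderr lines make a cron mail out of any rejected or duplicate name instead of hiding it.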