Unix user account creation process
Introduction
Whilst the Windows user account creation process is well understood,
there are several additional steps necessary to create fully
functioning Unix user accounts. This chapter details these
processes.
Account creation process
Create Windows account
Initial account creation activity takes place on one of the domain
controllers. In many cases a user’s Windows account will already
exist. If it does not, then follow the normal process for account
creation. Carry out the following steps:
a) Once you have a valid Windows user account, select it in the “Active Directory Users and Computers” tool
b) Select the “Unix” tab
c) Select the “domain.local” choice from the NIS domain dropdown list
d) Change the “Login shell” field if appropriate (Note: many Group1 users use /bin/csh as their shell)
e) Change the “Home directory” field if appropriate
(Note most users will have a home directory path of
“/export/home/users/g1
f) Change the “Primary group name” field if appropriate
An example of the Unix tab is shown below

Establishing primary group for file creation
Windows does not have the notion of a “primary group”. However, so
that files created from Windows present a consistent Unix group
ownership, we need to take a few extra steps:
a) In the user properties page in “Active Directory
Users and Computers” select the “Member of” tab
b) Check to see if the user is a member of the Windows
base group that matches their Unix primary group as specified on the
“Unix” tab. For example, the Unix primary group may have
been set to be “Development”. The user may or may not be a
member of this group from a Windows standpoint. If the user is a member
of the appropriate group, proceed to step d). If not, proceed to the
next step
c) Click on the Add button and locate and select the
appropriate Windows group. Then click OK. An example of selecting a
group called development is shown below.
d) Now back on the “Member of” tab select the
group that you have just made the user a member of
(“development” in the case of our example). Then click on
the “Set Primary Group” button at the bottom of the dialog
box. An example screen is shown below.
Establishing secondary group membership
Unix users may need to belong to more than one group. To
set this up in the Unix NIS context, select the
appropriate group in the “Active Directory Users and
Computers” tool. Then carry out the following steps:
a) Select the “Unix attributes” tab
b) If the user in question is not yet a member of this group, select the Add button and add the user to the group
An example is shown below:
Initial synchronisation of Unix and Windows passwords
Creating an account and setting its Unix attributes does not cause
the Unix password to be automatically synchronised with the Windows
password. The reason for this is that SFU needs access to the
plaintext version of a user’s password to set the Unix password. On a
pre-existing account this is not possible, as Windows only stores the
one-way hashed version of the password and not the plaintext
password. There are two ways to force the passwords to
synchronise:
a) Invite the user to change their Windows password. Once
the user is set up as a Unix user this will cause password
synchronisation to occur
b) Change the user’s password for them using the
“Active Directory Users and Computers” tool. In fact this
is the preferred method as it will allow us to have knowledge of the
password during the Unix home directory creation step (see below)
Home directory creation process
Home directories are created on the NAS 300 server on the U:\
drive. Follow these steps to ensure that the user directory is
created with appropriate Unix settings:
a) Connect to the main file server with a suitably privileged account
b) Open a “cmd” window
c) CD to the U:\users directory
d) Issue a command of the form
“runas /user:username@group1software.co.uk "mkdir U:/users/username"”.
Note that this command will prompt you for the user’s password. An example is shown below
Populating the new user account with start-up scripts
The last step in the account set-up process is to copy all
the sh, ksh and csh startup scripts into the user’s home directory. The
simplest way to do this is from Unix:
a) Login as root on any Unix system
b) Issue the command “su - ” to connect as the new user
c) Issue the command “cp /export/home/unixcfg/common/skel/.* .” which
will cause all the set-up scripts to be copied into the account
d) Issue a logout or ^D command to exit back to root
The Unix user account is now set up.
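The outcome of the steps above can be checked from any Unix system. The following shell function is an added example and not part of the original procedure: it takes a passwd-format line (for example the output of “ypmatch username passwd”) and reports a password field that has never been synchronised, an unexpected login shell, and a home directory that is misplaced, wrongly owned or missing start-up scripts. The function name, the /bin/sh and /bin/ksh paths and the accepted hash formats are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original procedure.
# $1 = passwd-format line, e.g. the output of `ypmatch username passwd`
# $2 = directory all home directories must sit under
# $3 = skeleton directory holding the start-up scripts
# Prints one line per finding and returns 0 only when there are none.
check_unix_account() {
    entry=$1 prefix=$2 skel=$3 rc=0
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$entry
EOF
    note() { echo "$name: $1"; rc=1; }

    # Until the first password synchronisation there is no usable Unix hash.
    # Assumption: a usable hash is 13-character DES crypt or "$id$..." format.
    nohash="password field is not a crypt hash (never synchronised?)"
    case $pw in
        \$?*\$?*) ;;
        ''|*[!./0-9A-Za-z]*) note "$nohash" ;;
        *) [ "${#pw}" -eq 13 ] || note "$nohash" ;;
    esac

    # The page names sh, ksh and csh; the /bin paths for sh and ksh are assumed.
    case $shell in
        /bin/sh|/bin/ksh|/bin/csh) ;;
        *) note "unexpected login shell '$shell'" ;;
    esac

    case $home in
        "$prefix"/?*) ;;
        *) note "home directory '$home' is not under $prefix" ;;
    esac
    if [ ! -d "$home" ]; then
        note "home directory does not exist"
        return "$rc"
    fi
    # Created via runas as the user, so the directory should carry their UID.
    owner=$(ls -ldn "$home" | awk '{print $3}')
    [ "$owner" = "$uid" ] || note "home owned by UID $owner, expected $uid"

    # Every start-up script in the skeleton directory should have been copied.
    for f in "$skel"/.[!.]*; do
        [ -f "$f" ] || continue
        [ -f "$home/${f##*/}" ] || note "missing start-up script ${f##*/}"
    done
    return "$rc"
}
```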