[Sussex] Active Directory, Logon Scripts and Linux

Matthew Macdonald-Wallace matthew at truthisfreedom.org.uk
Mon Apr 2 07:04:36 UTC 2007


Morning all,

This is Monday-morning brainstorming more than anything else, so all  
comments are welcome!

We will be getting some Linux workstations in the company that may  
need to be on the AD domain.

I've been asked to look at the possibility of this as no one else here  
knows Linux well enough [0].

Whilst I'm happy following various tutorials on joining the PCs to the  
domain, people will require access to their "shared drives" on the  
Linux machines as they do on Windows.  My theory is thus:

1) Join machine to domain
2) At login (probably via G/X/KDM), run a script that does the following:

- get UID
- based on UID, get AD Groups
- map AD Groups to local Groups
- check UID is in appropriate local groups; if not, add
- based on groups, map shares via SAMBA to /home/USERS/$userName/$share
- Add shortcuts to desktop for $share
- log date and time of login to database

3) Display welcome screen and then link off to Intranet.

This is basically what our current logon script does for the Windows  
boxes - here come the questions:

1) Can I do this in BASH, or is there an alternative "preferred" method?[1]
2) If I were to use PHP (coz it's what I know!) - using system calls  
to map drives/add to groups etc - would this pose a serious risk?
3) Are there any tutorials out there that people know of on how to do  
this already?[2]

Thanks in advance,

Matt.

[0] It's always nice when management recognise that you can help them out!
[1] Please, let's not turn this into a "PERL IS TEH H4x0R!" debate... ;)
[2] In line with recent discussions on this list, I promise to publish  
any knowledge, tips, tricks or otherwise that I discover whilst trying  
to get this working!
-- 
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
"Sed quis custodiet ipsos custodies?"
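
An added example, not part of the original post: a dry-run bash sketch of the "based on groups, map shares" step, which validates every name taken from the directory before it can reach a mount command line. The server name, group names, share names and the Kerberos mount options are assumptions; only the /home/USERS/$userName/$share layout comes from the post.

```shell
#!/bin/bash
# Added example: dry-run planner for the group-to-share logon step.
# SERVER, the group names and the share names are constructed placeholders.
SERVER="fileserver.example.invalid"
MOUNT_ROOT="/home/USERS"            # layout taken from the post

# Accept only conservative names, so a directory-supplied value can never
# carry shell metacharacters, path separators, or a leading '-' (an option).
valid_name() {
    case "$1" in
        ""|-*|.*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Allowlist mapping from AD group to share; unknown groups map to nothing.
share_for_group() {
    case "$1" in
        finance)     echo "accounts" ;;
        engineering) echo "projects" ;;
        staff)       echo "common" ;;
        *)           return 1 ;;
    esac
}

# plan_mounts USER GROUP... : print one mount command per permitted share.
# Nothing is executed; the output is for review before a real logon uses it.
plan_mounts() {
    user="$1"; shift
    valid_name "$user" || { echo "rejected user name" >&2; return 2; }
    for group in "$@"; do
        share=$(share_for_group "$group") || continue
        valid_name "$share" || continue
        printf 'mount -t cifs //%s/%s %s/%s/%s -o sec=krb5,cruid=%s,uid=%s,nosuid,nodev\n' \
            "$SERVER" "$share" "$MOUNT_ROOT" "$user" "$share" "$user" "$user"
    done
}

# Constructed sample run: in production the groups would come from the
# domain lookup (for example `id -Gn "$user"`), not from literals.
plan_mounts "alice" "staff" "finance" "domain users"
```

Because the share name comes from a fixed allowlist and the user name is checked against a strict character set, a group or account name containing `;`, `/` or a leading `-` is dropped instead of being interpolated into the command.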






