Linux OS improvement

Can anyone help share knowledge on Linux OS improvement?
1) OS account

  • Use Windows AD authentication, such as LDAP, but how to set /etc/passwd, and where to put the user home?

2) User account activity

  • How to log OS user activity

Share the idea and what tools can do that...thx

Windows Services for UNIX - Wikipedia, the free encyclopedia
We have used Windows AD with Linux workstations by installing the NIS Server portion of the SFU package. After SFU's NIS, you will see posixAccount and shadowAccount capabilities in the AD account.

For 1) - imho, there is no simple way to answer this question, because it depends on what you have in your current environment, what you want to end up with, and how you want to manage everything. For instance:

  • How many users?
  • How many systems?
  • Are your Linux systems in a NIS domain?
    Multiple NIS domains?
  • Will authentication be done from AD using NIS or LDAP?
  • Do you use NIS for automounting and to serve other maps?
    If so, will these be served by AD or by your NIS server?
  • Do you want an open source solution or a commercial solution?

I know there will be people who will say "this is what you need to do", but what works for 50 users and 20 systems may not scale to 10,000 users. It all depends on your requirements.

For 2) - are you looking for login/logout times? Or per command activity?

I don't suggest using NIS. If you want to authenticate against AD there are commercial products available. Check out Unix & Linux Active Directory Integration and Authentication Tools from Quest Software. It supports multiple UNIX/Linux operating systems and applications.

Let me share my idea here:
1) ~100 users
2) ~100 Linux machines, not NIS or any domain
3) authenticate by Windows AD
4) the most difficult question - automount home (don't know whether to use NIS or Windows)
5) commercial is acceptable depending on the price $$$

I expect to log command activity; using the command "script" is one option, but it has issues...I heard PowerBroker can do that but it is expensive...any options?

Other commercial solutions include:

I am sure there are many more. Maybe we need to start a forum on implementing authentication using LDAP from AD?

If your Linux kernel was properly compiled (see man acct (linux) for more information), you can just enable per-process accounting with man accton (linux).
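
To show what per-process accounting records for the "per command activity" question, here is an added example (not part of the thread) that parses the binary records the kernel appends to the accounting file once accton has enabled it. It assumes the version 3 record layout (`struct acct_v3` from `<linux/acct.h>`) on a little-endian host; the function names and the sample records are constructed for illustration.

```python
import struct
from collections import defaultdict

# struct acct_v3 from <linux/acct.h>: 64 bytes, little-endian host assumed.
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
AFORK, ASU, ACORE, AXSIG = 0x01, 0x02, 0x08, 0x10  # ac_flag bits

def decode_comp_t(c):
    """comp_t: 13-bit mantissa, 3-bit base-8 exponent; result is clock ticks."""
    return (c & 0x1FFF) << (3 * (c >> 13))

def parse_pacct(data):
    """Return one dict per complete v3 record; a truncated tail is ignored."""
    records = []
    usable = len(data) - len(data) % ACCT_V3.size
    for off in range(0, usable, ACCT_V3.size):
        f = ACCT_V3.unpack_from(data, off)
        if f[1] != 3:  # ac_version; skip other record formats
            continue
        records.append({
            "uid": f[4], "pid": f[6], "ppid": f[7], "btime": f[8],
            "cpu_ticks": decode_comp_t(f[10]) + decode_comp_t(f[11]),
            "superuser": bool(f[0] & ASU),          # used superuser privileges
            "killed_by_signal": bool(f[0] & AXSIG),
            "comm": f[18].split(b"\0", 1)[0].decode("ascii", "replace"),
        })
    return records

def commands_by_uid(records):
    """Group command names by the uid that ran them."""
    out = defaultdict(list)
    for r in records:
        out[r["uid"]].append(r["comm"])
    return dict(out)

def superuser_commands(records):
    """Commands whose record carries the ASU flag."""
    return [(r["uid"], r["comm"]) for r in records if r["superuser"]]

def _record(flag, uid, pid, btime, comm):
    # Helper that builds one constructed record for the sample below.
    return ACCT_V3.pack(flag, 3, 0, 0, uid, uid, pid, 1, btime, 0.5,
                        5, 2, 0, 0, 0, 0, 0, 0, comm.encode())

# Constructed sample data, not taken from a real system.
SAMPLE = (_record(0, 1001, 4101, 1700000000, "ls")
          + _record(ASU, 0, 4102, 1700000005, "useradd")
          + _record(AXSIG, 1001, 4103, 1700000009, "sleep")
          + b"\x00" * 10)  # partial record, as from a file still being written

if __name__ == "__main__":
    for r in parse_pacct(SAMPLE):
        print(r)
```

Note that each record holds only the command name (at most 16 bytes), not its arguments, so process accounting shows which programs a user ran but not the full command lines.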