Linux @lemmy.ml Possibly linux @lemmy.zip 7mo ago

TL;DR You can manage Linux Machines with group policy

dmulder.github.io 3 Introduction | Group Policy on Linux

<p>This book introduces the user to opensource tools for managing Linux clients via Group Policy.</p>

I just though I'd share

Edit: I'm not sure if this actually works. All else fails fall back to Ansible

Samba (software) @lemmy.sdf.org sambaheaven @lemmy.sdf.org 1mo ago

3 Introduction | Group Policy on Linux

dmulder.github.io /group-policy-book/intro.html

38 comments

TD;DR

Too Dull; Didn't Read?
- Too dumb: Don't read
I thought this stopped working after MS pulled the Unix subsystem, as samba was using those attributes to manage the Linux systems?
- Microsoft pulled those from the UI, but if you're adventurous you can just shove those attributes in to user with power shell and it works the same.
  
  Then just use sssd instead of NIS, surprised me at work when this worked.
  
  Do you have any documentation on this by any chance? I don't really like messing with ad schemas
- I don't know. I just found this why looking for something else.
  
  Grid by Zorin, whenever it gets released, will be what you want
Why why why would you do that?
- Because your insane?
  
  Actually it might be useful in mixed Windows Linux environments.
- Compliance. Control. Security. Lots of things?
  
  If you don't trust your employees, though, why give them Linux at all? Windows and Mac make the perfect locked down / restrictive / don't trust people platforms out there. I mean, I understand locking down and securing a server, but a Linux desktop? The only value a Linux desktop has is the freedom to configure it how you like with the apps you like.
Keep your filthy Microsoft mitts off my Linux environment
- Do you run a Linux environment? If so, you should post about it (don't reveal to much info obviously)
  
  I run linux on my kettle don't you know
This seems like a minefield of clashes with distro-specific behavior. What happens if your system is using different software than what it expects or a policy that exists in Windows doesn't always make sense in the target environment? I wonder how it is being dealt with?

And what about more broad policies like denying filesystem write access?
- I'm also interested in this. I'm guessing you'd have to essentially have multiple overlapping sets of policies.
  Ansible does some of each.
I hope the global catalog gets finished one day for freeipa.
- FreeIPA is very unreliable in my experience. Samba is much more reliable from what I can tell.
  
  My experience is quite the opposite. I have and still use both and find samba one of the more unreliable things. Freeipa does what it does with no issues.
Ironically I was trying to push for some rnd to run all of the GPOs for windows boxes as local policy ran by ansible. Just could stand all of the wonkyness AD introduced into the system.
- Yeah, we need better tools
Very cool!
What does TD;DR mean? Or did you mean TL;DR?

38 comments