[Samba] Group Policy Linux Machines

Gregory Carter gcarter at aesgi.com
Fri Feb 1 15:31:00 MST 2013

Replace ibus with dbus in my comments.

I am having issues with ibus (Fedora 18) right now writing a letter in 
Chinese, and it was on my mind.

对不吃 -:) (sorry)

In any case, 
I think is too much Microsoft centric. I mean tools like SCCM do the job 
nicely on the windows side, but I want this rat race to end with just 
the SMB part of the equation which in its current iteration, SMB is a 
fairly nice file network protocol.)
(i.e. http://en.wikipedia.org/wiki/System_Center_Configuration_Manager)

Ideally this management or policy server for Linux would digitally sign 
each workstation in a particular policy group, then simply send XML 
message trees to the client daemon on the workstation where it would 
read the XML tree and configure pam.d authentication modules, remove or 
install rpm/deb packages and that is about it.

I think that would address almost 80% of the issues on this list I have 
read about.

I mean it really could be that simple. That hardest part would be 
generating the X509 documents for the workstations and organizing them 
with some sort of utility that won't drive the average person insane 
managing possibly thousands of certs and what certs belong to what 
policies you create.

The other 20% of the issue I think is how to integrate with Samba. To 
start with that I think defining policies at login that have anything to 
do with SAMBA, such as mount points would be a good place to start. Then 
naturally printer organization and setup.

Then we can get at the last 5% which is possible combination of policy 
groups across different architectures to enforce a given policy for storage.
(i.e. possibly writing a service for Windows/OS X which does something 
similar under LINUX.)

But I think it makes a sane approach to understand that this wouldn't be 
a project to replace SCCM.


On 02/01/2013 03:50 PM, Chris Weiss wrote:
> On Fri, Feb 1, 2013 at 3:44 PM, Gregory Carter <gcarter at aesgi.com> wrote:
>> I would like to submit a RFP for Group Policy Implementation on Linux
>> desktops.
> this seems relevant, I've not tried implementing though.
> http://www.thevarguy.com/2011/04/27/likewise-enterprise-a-hands-on-look/

More information about the samba mailing list