[Samba] Group Policy alternative (Looking for feedback on a project)

Anders Östling anders.ostling at gmail.com
Wed Jun 12 04:43:50 UTC 2024

Love this! I can’t help with anything other than testing once you have
something up and running.
Good luck with your project.

------ -------------------- 8 ------------------ ------
"A *wise* man once told me - Any idiot can do backups, but it takes a
genius to successfully restore"

Anders Östling
+46 768 716 165 (Mobile)

On Tue, 11 June 2024 at 23:01, Darin via samba <samba at lists.samba.org> wrote:

> Hello all,
> So I am working on a group policy-like system based around Ansible.
> Essentially, I am going to use Ansible playbooks as a cross-platform
> alternative to the Windows registry and Group Policy Objects (GPOs). In
> Samba, the way the group policy is applied is that it reads the set
> registry values and then tries to translate that into Linux language.
> This is inefficient and limiting as from my understanding it effectively
> requires a hand-built translator. I figured using Ansible for this might
> be smart as Ansible playbooks are just configs that get translated into
> commands, which makes them portable and flexible. Additionally, Ansible
> has a large community backing it with lots of plugins, so doing
> administration with Ansible should be easier. With this approach, you
> could even have a domain-joined machine run playbooks on other machines.
> I envision this to be a more decentralized approach to administration
> that takes advantage of the nature of Active Directory.
> For the design, the Ansible playbooks will be stored in the sysvol
> folder. On each host, Ansible will be set up by a daemon and then it
> will run the playbooks against the local host based on the objects in
> Lightweight Directory Access Protocol (LDAP). It will read LDAP and
> execute the proper playbooks. I am not sure if I can reuse some parts of
> group policy for this but I am hoping not to reinvent the wheel. I know
> that the Windows Remote Server Administration Tools (RSAT) are unlikely
> to work for this kind of thing so I probably will need to build a
> management tool.
> When I was working on coming up with a design for this I noticed that
> there is an apparent lack of free and open-source cross-platform tools
> for Active Directory. It seems like Microsoft RSAT is the only tool
> suite that can easily manage AD systems. You could argue that Apache
> Directory is an alternative, but in my experience, software coming from
> Apache isn't always the most reliable or up to date. I also could use
> Samba-tool, but as far as I can tell, Samba tool is fairly limited and
> only works on Samba domain controllers. I actually started initial work
> on a GUI tool for managing users in AD but quickly figured out that I am
> very bad at GUI programming. If someone is working on a cross-platform
> GUI for AD, please let me know.
> To sum it up, I am aiming to build an Active Directory toolset that can
> administer Linux machines from Active Directory. I am looking for
> feedback on this design as I am fairly new at this.
> Thank you for your time,
> Darin