[Samba] Group Policy alternative (Looking for feedback on a project)

Caglar Ulkuderner caglar at ulkuderner.net
Wed Jun 12 16:48:12 UTC 2024

Check sambabox.io

On Wed, Jun 12, 2024 at 00:01 Darin via samba <samba at lists.samba.org> wrote:

> Hello all,
> So I am working on a group policy-like system based around Ansible.
> Essentially, I am going to use Ansible playbooks as a cross-platform
> alternative to the Windows registry and Group Policy Objects (GPOs). In
> Samba, the way the group policy is applied is that it reads the set
> registry values and then tries to translate that into Linux language.
> This is inefficient and limiting as from my understanding it effectively
> requires a hand-built translator. I figured using Ansible for this might
> be smart as Ansible playbooks are just configs that get translated into
> commands, which makes them portable and flexible. Additionally, Ansible
> has a large community backing it with lots of plugins, so doing
> administration with Ansible should be easier. With this approach, you
> could even have a domain-joined machine run playbooks on other machines.
> I envision this to be a more decentralized approach to administration
> that takes advantage of the nature of Active Directory.
> For the design, the Ansible playbooks will be stored in the sysvol
> folder. On each host, Ansible will be set up by a daemon and then it
> will run the playbooks against the local host based on the objects in
> Lightweight Directory Access Protocol (LDAP). It will read LDAP and
> execute the proper playbooks. I am not sure if I can reuse some parts of
> group policy for this but I am hoping not to reinvent the wheel. I know
> that the Windows Remote Server Administration Tools (RSAT) are unlikely
> to work for this kind of thing so I probably will need to build a
> management tool.
> When I was working on coming up with a design for this I noticed that
> there is an apparent lack of free and open-source cross-platform tools
> for Active Directory. It seems like Microsoft RSAT is the only tool
> suite that can easily manage AD systems. You could argue that Apache
> Directory is an alternative, but in my experience, software coming from
> Apache isn't always the most reliable or up to date. I also could use
> Samba-tool, but as far as I can tell, Samba tool is fairly limited and
> only works on Samba domain controllers. I actually started initial work
> on a GUI tool for managing users in AD but quickly figured out that I am
> very bad at GUI programming. If someone is working on a cross-platform
> GUI for AD, please let me know.
> To sum it up, I am aiming to build an Active Directory toolset that can
> administer Linux machines from Active Directory. I am looking for
> feedback on this design as I am fairly new at this.
> Thank you for your time,
> Darin