[Samba] Group Policy alternative (Looking for feedback on a project)

Rowland Penny rpenny at samba.org
Wed Jun 12 16:59:54 UTC 2024

On Wed, 12 Jun 2024 19:48:12 +0300
Caglar Ulkuderner via samba <samba at lists.samba.org> wrote:

> Check sambabox.io

You might also want to check the pricing.


> On Wed, Jun 12, 2024 at 00:01 Darin via samba <samba at lists.samba.org>
> wrote:
> > Hello all,
> >
> > So I am working on a group policy-like system based around Ansible.
> > Essentially, I am going to use Ansible playbooks as a cross-platform
> > alternative to the Windows registry and Group Policy Objects
> > (GPOs). In Samba, the way the group policy is applied is that it
> > reads the set registry values and then tries to translate that into
> > Linux language. This is inefficient and limiting as from my
> > understanding it effectively requires a hand-built translator. I
> > figured using Ansible for this might be smart as Ansible playbooks
> > are just configs that get translated into commands, which makes
> > them portable and flexible. Additionally, Ansible has a large
> > community backing it with lots of plugins, so doing administration
> > with Ansible should be easier. With this approach, you could even
> > have a domain-joined machine run playbooks on other machines. I
> > envision this to be a more decentralized approach to administration
> > that takes advantage of the nature of Active Directory.
> >
> > For the design, the Ansible playbooks will be stored in the sysvol
> > folder. On each host, Ansible will be set up by a daemon and then it
> > will run the playbooks against the local host based on the objects
> > in Lightweight Directory Access Protocol (LDAP). It will read LDAP
> > and execute the proper playbooks. I am not sure if I can reuse some
> > parts of group policy for this but I am hoping not to reinvent the
> > wheel. I know that the Windows Remote Server Administration Tools
> > (RSAT) are unlikely to work for this kind of thing so I probably
> > will need to build a management tool.
> >
> > When I was working on coming up with a design for this I noticed
> > that there is an apparent lack of free and open-source
> > cross-platform tools for Active Directory. It seems like Microsoft
> > RSAT is the only tool suite that can easily manage AD systems. You
> > could argue that Apache Directory is an alternative, but in my
> > experience, software coming from Apache isn't always the most
> > reliable or up to date. I also could use Samba-tool, but as far as
> > I can tell, Samba tool is fairly limited and only works on Samba
> > domain controllers. I actually started initial work on a GUI tool
> > for managing users in AD but quickly figured out that I am very bad
> > at GUI programming. If someone is working on a cross-platform GUI
> > for AD, please let me know.
> >
> > To sum it up, I am aiming to build an Active Directory toolset that
> > can administer Linux machines from Active Directory. I am looking
> > for feedback on this design as I am fairly new at this.
> >
> > Thank you for your time,
> >
> > Darin