| Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
08-17-2005, 03:17 PM
|
#1
|
|
LQ Newbie
Registered: Aug 2005
Location: Solon, Ohio
Posts: 4
Rep: 
|
Managing user accounts in LDAP
A few months ago I moved a clients office to an LDAP / samba domain. Previously we used a Windows program that would edit the registry for users that would restrict them from doing things, like group policies. We are now finding out that this program does not work with domain accounts. I have read the SAMBA3-HOW-TO Collection document. In it, it references using Microsoft AD to creage group policies. My issue is that I dont have a Microsft Server with AD on it, hence why everything is Linux. The clients range from Windows 2000 to XP.
Is there any simple / not-simple way to create and incorporate group policies with LDAP ?
 |
|
|
|
|
08-22-2005, 02:28 PM
|
#2
|
|
Member
Registered: Aug 2003
Location: Minnesota, USA
Distribution: RedHat, Suse
Posts: 106
Rep: 
|
No, there is not a method for creating group policies in LDAP. This is a function that requires Active Directory.
I assume that previously you used the local security policy area for restricting access to specific areas in Windows. Perhaps you need to look into other options... K-12 environments typically use other apps like "Clean Slate" - Fortres for doing this kind of stuff, protecting student labs, etc.
Jon Johnston
Creative Business Solutions
IBM, Microsoft, Novell/Suse and Sophos Consulting
952-544-1108
http://www.cbsol.com
Blog: http://bingo.cbsol.com |
|
|
|
|
08-22-2005, 02:56 PM
|
#3
|
|
LQ Newbie
Registered: Aug 2005
Location: Solon, Ohio
Posts: 4
Original Poster
Rep:
|
Quote:
Originally posted by jjohnston62
No, there is not a method for creating group policies in LDAP. This is a function that requires Active Directory.
K-12 environments typically use other apps like "Clean Slate" - Fortres for doing this kind of stuff, protecting student labs, etc.
|
Well that really stinks. We do use an application like "Clean Slate". Although it doesn't do everything we want and doesn't really work in a domain environment. I have looked into 'Local Policy' settings but am not sure if it would be too much work if I had to change 1 setting and then have to change it on all the computers.
How do System Administrators enforce policies in an LDAP Domain environment with Windows clients? Do they use software like "Clean Slate"? The Samba-HOW-TO mentioned being able to use group policies, but it doesn't look possible.
Thanks for the reply |
|
|
|
|
08-24-2005, 08:42 AM
|
#4
|
|
Member
Registered: Aug 2003
Location: Minnesota, USA
Distribution: RedHat, Suse
Posts: 106
Rep:
|
To be honest, most of my clients that are using linux like this don't enforce policies. Much of the software that's being used by end users requires administrative rights, or they simply don't worry that much about locking the machines down that tightly.
Yes, it results in some problems, but if people understand what we're doing, not as many as you'd think.
OTOH, I've seen AD environments where the admins went nuts with GPO and the environment is so FUBAR that it's impossible to change anything without severe breakage.
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 02:15 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
