Linux - EnterpriseThis forum is for all items relating to using Linux in the Enterprise.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A few months ago I moved a clients office to an LDAP / samba domain. Previously we used a Windows program that would edit the registry for users that would restrict them from doing things, like group policies. We are now finding out that this program does not work with domain accounts. I have read the SAMBA3-HOW-TO Collection document. In it, it references using Microsoft AD to creage group policies. My issue is that I dont have a Microsft Server with AD on it, hence why everything is Linux. The clients range from Windows 2000 to XP.
Is there any simple / not-simple way to create and incorporate group policies with LDAP ?
No, there is not a method for creating group policies in LDAP. This is a function that requires Active Directory.
I assume that previously you used the local security policy area for restricting access to specific areas in Windows. Perhaps you need to look into other options... K-12 environments typically use other apps like "Clean Slate" - Fortres for doing this kind of stuff, protecting student labs, etc.
Originally posted by jjohnston62 No, there is not a method for creating group policies in LDAP. This is a function that requires Active Directory.
K-12 environments typically use other apps like "Clean Slate" - Fortres for doing this kind of stuff, protecting student labs, etc.
Well that really stinks. We do use an application like "Clean Slate". Although it doesn't do everything we want and doesn't really work in a domain environment. I have looked into 'Local Policy' settings but am not sure if it would be too much work if I had to change 1 setting and then have to change it on all the computers.
How do System Administrators enforce policies in an LDAP Domain environment with Windows clients? Do they use software like "Clean Slate"? The Samba-HOW-TO mentioned being able to use group policies, but it doesn't look possible.
To be honest, most of my clients that are using linux like this don't enforce policies. Much of the software that's being used by end users requires administrative rights, or they simply don't worry that much about locking the machines down that tightly.
Yes, it results in some problems, but if people understand what we're doing, not as many as you'd think.
OTOH, I've seen AD environments where the admins went nuts with GPO and the environment is so FUBAR that it's impossible to change anything without severe breakage.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.