With the introduction of NethServer ‘Mayo’ 7 beta we also have Samba4. Besides file sharing, Samba is also managing network objects like workstations, servers, groups and users. Samba 4 is (more or less) compatible with Active Directory.
In Active Directory a lot is managed through GPOs (Group Policy Objects). Microsoft has a decent application for that in RSAT tools. However, as far as I know, there is no open-source alternative for that.
Does this mean we are still stuck with at least 1 Windows machine running RSAT? Or is it possible to run RSAT under Wine?
OK, there is samba-tool, but to be honest, that does not have nearly the options RSAT has.
Maybe this can be seen as a feature request: having a web GUI for managing GPOs.
In one forum I’m following, they’re saying that Samba4 is Active Directory in itself. Note, not just compatible, but AD in itself in the sense that you can make it a DC without Windows Server.
More or less, this is what Samba4 is aiming for: a replacement for the Windows Domain Controller/Active Directory, but not the Windows desktop clients. With this in mind, I think that the aim, more or less, has something to do with managing Windows desktop clients, which, in turn, can run RSAT. Anyway, it will be great if GPOs can be managed through Linux as well.
I do know what Samba4 is about. If you have followed the development of Samba4, you could say that journey was and is a ‘bumpy road’ (to say the least). It took like 10 years to come up with something workable. Now we are at Samba 4.5, released Sept 7th.
I was searching for recent articles comparing Samba4 to Windows AD, but couldn’t find them. Still I believe that Samba4 lacks features Windows AD has. That’s not a strange assumption since everything in Windows AD has to be reverse engineered for Samba4 and that takes time.
Anyway, it would be great to be able to create GPOs in a graphical (application or web GUI) way using a Linux machine. Oh, and it must be open source… Anyone that finds one that will be implemented for NS gets a free beer at the next FOSDEM… (if you prefer a coffee or soda that’s OK too…)
Would creating a (web) GUI around samba-tool be an option? As a non-dev this seems a very difficult task… And implementing Webmin just for the Samba part is a bit overkill, and it looks like it does not do nearly everything RSAT or even samba-tool can do.
Sorry to open up this issue again, but the interest here is high (at least, from our side).
Yes, but you don’t want to steal a user PC just to check a policy, right?
I have situations in which RSAT tools were installed on users’ PCs and it is really frustrating waiting for them to free up their workplace (or not freeing it up because of deadlines).
I know the task is costly to say the least, and it will require a lot of reverse engineering and trial and error, but I think if this is going to be a distinctive trait of the future NS, this would also be a killer feature.
I was reading the question and wondering what the point was going to be of having an open-source alternative for creating GPOs, only used on Windows machines. It seems like taking the long road for no good reason at all.
I am testing the water here. GPOs seem to function; there are some limitations that do not come from the GPO implementation but seem to stem from config parameters on the Samba end. They do not hinder any use-case scenario that would be realistic or not easily worked around.
If I run into issues I will document them for future reference; I intend to heavily utilize them.
Get yourself a nice Igel thin client, or an Igel UDC .iso, install that Windows machine on your NethServer’s KVM and connect to it using a thin client or use a bootable USB to that end. It’s even backed up that way.
Nah, seriously, any virtual Windows will do. I was running VirtualBox on Mint to that end, till we moved everything to virtualization, and it became a matter of creating an extra VM and claiming a TC.
Which you should license, BTW (and licenses are the big part of the issue). And which you also should not virtualize, if you are already virtualizing NS (on Proxmox VE or VMware ESXi). Please remember that no/lower license costs are the winning point for a non-technical decision maker.
We are usually able to justify the license for a single additional Windows client for the management anyway; still, an open-source and platform-independent GUI to manage GPOs would greatly help the appeal of the solution.