Steven Posted July 5, 2011
Hi all, Just been looking at Karoshi for schools. Looks great etc. for an alternative to a Windows domain controller. Only thing I can see it lacks is the ability to lock down the Windows clients? Anyone know of a Linux alternative to group policy?
featured_spectre Posted July 5, 2011 (edited)
mmmm... Not in such a direct way. By the sounds of it, you have an Active Directory domain with some Linux or UNIX servers or workstations. There is a lot you can do with Active Directory in Linux, even have accounts in Active Directory log into Linux (though I do this now and I don't much care for it for different security reasons which I am in the process of proving).

GPO in Windows is a set of objects based around the Windows API and domain archetype. For a GPO to work in Windows, a machine account would first have to be created for that Linux machine, but the much more difficult task is that a GPO would have to be written for a Linux OS, which I have never seen before.

You have a few options, and the best approach, in my opinion, is NIS. With NIS, you can create a machine database from an NIS metafile with whatever information you want in it, and query it with the ypcat command. This you can use to set your execution scope in your NIS domain. If we aren't talking about a lot of machines though, another option is to set up a .rhosts file on each Linux machine and give yourself a trusted host that you can execute commands as root. Then, set up some cron jobs for the various things you want to perform.

Oh yeah, if you do NIS, you will still need the trusted host. NIS just makes it easier to administer multiple machines, and gives you the ability of network logins. Make your NIS server that trusted host.

Here is the deal though, even in a Microsoft world, you couldn't just "do GPO" without configuring machines to be on a domain. Same thing applies to Linux. If you want a Linux domain, I would run NIS. Run DNS on the same box. Set up your .rhosts file to point to your NIS server (think of this as your domain controller where you are going to enforce policy from). You can use rcp (remote copy) to deploy these files.

For initial deployment, you have a ton of options. If you use Red Hat, you have kickstart, which allows you to do unattended installs of an OS. You also have traditional methods such as Ghost or True Image, even G4L (Ghost for Linux). There are other things too, like Sun's UCE product, which is more like Microsoft SMS for Linux, but that costs money. If you have an unstructured environment already, it is going to take some extra steps in the beginning to get centralised.

There is also Centrify Group Policy for UNIX, Linux and Mac. This allows you to centrally configure the policies that the DirectControl Agent uses to enforce authentication and authorization to that system. Apply consistent updates to the sudoers file, defining privileged commands that specific users can execute. Efficiently control crontab files, firewall settings, screensaver password lock, and other properties. It's an AD integration / GPO module for Linux. Comes at a cost though... and it's not cheap.
Edited July 5, 2011 by featured_spectre
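An added example, not part of any post in this thread: a small auditor for the .rhosts trust file the post above describes, showing what each entry grants under the hosts.equiv(5) entry format (host field, optional user field, `+` wildcards, `+@` NIS netgroups, leading `-` to deny). The sample file, host names and netgroup name are constructed for illustration.

```python
# Constructed sample of a root-owned .rhosts; host and netgroup names are made up.
SAMPLE = """\
# trust the NIS server for remote administration
nis-master.example.lan root
+@labmachines
-oldbox.example.lan
+ +
backup.example.lan +
"""


def audit_rhosts(text, owner="root"):
    """Return (lineno, host, user, findings) for each entry in the file."""
    results = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        # With no user field, only the same-named remote account is trusted.
        user = fields[1] if len(fields) > 1 else owner
        findings = []
        if host.startswith("-"):
            findings.append("deny entry")
        else:
            findings.append("passwordless login as " + owner)
            if host == "+":
                findings.append("wildcard: any host")
            elif host.startswith("+@"):
                findings.append("NIS netgroup: " + host[2:])
            if user == "+":
                findings.append("wildcard: any remote user")
        results.append((lineno, host, user, findings))
    return results


def wildcard_lines(results):
    """Line numbers whose trust is not limited to a named host and user."""
    return [r[0] for r in results if any(f.startswith("wildcard") for f in r[3])]


if __name__ == "__main__":
    for lineno, host, user, findings in audit_rhosts(SAMPLE):
        print(f"line {lineno}: {host} {user}: {'; '.join(findings)}")
```

Every allow entry in root's file is a passwordless root login from the named source, so the lines returned by `wildcard_lines` are the ones to review first.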
SimpleSi Posted July 5, 2011
Short answer is no, and since it costs very little for a Windows server licence/client CALs it's just not worth any pain.
Simon
RingOfFlame Posted July 5, 2011 (edited)
[Quotes featured_spectre's post above in full]
Copy & Paste FAIL! It might be nice to let others know your source rather than palming it off as your own advice.
Ubuntu Forums - View Single Post - Group Policy in Linux?
Edited July 5, 2011 by RingOfFlame
featured_spectre Posted July 5, 2011
I never said it was mine and quote tags don't work on the mobile version of the site.
dhicks Posted July 6, 2011
Quote: "Anyone know of a linux alternative to group policy?"
No - if you want an Active Directory / Group Policy server, that's what Windows is for. I don't think logging on and running a bunch of local applications on a workstation is the best model of computing, therefore I don't think it's worth spending any time trying to get Linux to catch up to Windows in this regard. If you want a Linux workstation, try a minimal GUI that can just run a web browser, Chrome style. If you need to maintain compatibility with some Windows applications, use remote desktop to connect to a Windows TS / RDS server.
SimpleSi Posted July 6, 2011
Quote: "I never said it was mine and quote tags don't work on the mobile version of the site."
Re ROF - see previous advice
Si
linuxgirlie Posted July 13, 2011
The system uses KiXtart to lock down users' desktops, with a choice of mandatory or roaming profiles. What type of lockdown would you like?