Hi! i going to migrate all windows workstation to fedora and I need for example: make an administrator users in all workstation, is possible make a gpo for linux? All the workstation are in domain...obviosly is a SAMBA! King regards From Argentine
On Mon, 14 Jan 2019 17:10:07 -0300 Carlos Bordon via samba <samba at lists.samba.org> wrote:> Hi! i going to migrate all windows workstation to fedora and I need > for example: make an administrator users in all workstation, is > possible make a gpo for linux? > > All the workstation are in domain...obviosly is a SAMBA! > > King regards From ArgentineWhat OS is the DC running on, Fedora ? If so, are you using the Fedora Samba packages ? If you are, then do not, a Samba AD DC using Fedora packages is considered experimental and should not be used in production. If you do run AD, then all users are stored in AD, this includes administrative users. There are (as far as I aware) no Linux GPO's Rowland
On 1/14/19 4:10 PM, Carlos Bordon via samba wrote:> Hi! i going to migrate all windows workstation to fedora and I need for > example: make an administrator users in all workstation, is possible make a > gpo for linux? > > All the workstation are in domain...obviosly is a SAMBA!You can't apply Windows domain based GPOs to Linux clients without the usage of third party tools (tools not provided by Samba), and some of those tools can only apply a few specific GPOs to Linux. Maybe what you are looking for is to be able to configure sudo rules for your workstations from a Samba AD DC. There are ways to extend the AD directory schema to store sudo rules, and at the same time, to configure Linux sudo to read those rules from the AD LDAP server. For simplicity, you can store a sudoers file that grant all users of a domain group full sudo access, but that sudo configuration must be deployed to all clients. This doesn't require modifying the AD schema.> > King regards From Argentine >
The DC is a Ubuntu 16.04, with samba 4.8 I want a local user in alls workstations with admin permissions, is for the support area, for install apps and if i make a freeipa and make the trust? i could have the users and GPOs for windows and users and tools for linux, is possible? El lun., 14 ene. 2019 a las 17:26, Rowland Penny via samba (< samba at lists.samba.org>) escribió:> On Mon, 14 Jan 2019 17:10:07 -0300 > Carlos Bordon via samba <samba at lists.samba.org> wrote: > > > Hi! i going to migrate all windows workstation to fedora and I need > > for example: make an administrator users in all workstation, is > > possible make a gpo for linux? > > > > All the workstation are in domain...obviosly is a SAMBA! > > > > King regards From Argentine > > What OS is the DC running on, Fedora ? > If so, are you using the Fedora Samba packages ? > If you are, then do not, a Samba AD DC using Fedora packages is > considered experimental and should not be used in production. > > If you do run AD, then all users are stored in AD, this includes > administrative users. > > There are (as far as I aware) no Linux GPO's > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba