GPO for Linux

fate

New Member
Joined
Jan 21, 2022
Messages
2
Reaction score
0
Credits
27
Hi
Our company relies now on windows products in 90%. Due to the growing demand of linux we are looking for some solutions like GPO in windows.

I've search but I didn't find nothing concrete.
There is a solution to restric security policy in linux desktops from one central server?

For that I mean:
1. one sudoers file which force to all hosts in domain
2. disable root - for that I want to users can't use root and don't have root acess
3. permission works with groups or individually
4. etc.

In my reaserach is option to combine f.e. ansible + openldap. Then host is slave and force script remotly to hosts and connect with ldap account
But maybe do you have some another option that I don't know and is easy to introduce ?
 


You can use FreeIPA/IDM to create a trust to Windows Active directory servers so that you can then use those same users on your Linux servers who are clients of your FreeIPA/IDM server.
 
Last edited:
You can use FreeIPA/IDM to create a trust to Windows Active directory servers so that you can then use those same users on your Linux servers who are clients of your FreeIPA/IDM server.


It's looks nice and that what i'm looking for so thanks for information :)

Do you have some experience with that?
Of course if we decided to enter in this solution, we have to test in lab etc. but for now I wonder how it's work in practice, example:
1. As server/client distro is no matter?
2. If user install desktop version and have root access, after add him as ipa-client they can't use root to manipulate permissions etc.?
3. It will restrict password policy?
4. make some configuration automaticly - f.e. ssh disable login as root, enforce protocol 2 etc.?

I can't find a full functionality tutorial or something like that, only general terms what can do freeIPA.

Last question: FreeIPA and Redhat IDM is same project?
 
I don't have much experience with it, currently testing it in our lab at work.
1. I would think not but have only tried it on RHEL.
2. If you have root password of a system you can change anything on the system, idm/freeipa is not an exact copy of Active directory so you will have to see what functionalities work and which don't or work different.
3. You can configure a global policy to your needs, as well as per group basis.

FreeIPA is the opensource project and IDM is the what Redhat named it as part as their software collection. I haven't searched for a freeipa tutorial since we only use Redhat products.
 

Members online

No members online now.

Top