On 12.1.2015 17:20, brendan kearney wrote:
> OpenAFS?

If you insist on a replicated FS then try Gluster.

Petr^2 Spacek

> On Jan 12, 2015 11:04 AM, "Craig White" <[email protected]>
> wrote:
>
>> *From:* [email protected] [mailto:
>> [email protected]] *On Behalf Of *Dale Macartney
>> *Sent:* Sunday, January 11, 2015 2:16 PM
>> *To:* [email protected]
>> *Subject:* [Freeipa-users] Group Policy-like features in FreeIPA
>>
>> Morning folks
>>
>> I am currently working on a little pet project which I think some would
>> find useful.
>>
>> I would like to introduce some group policy-like functionality into a
>> FreeIPA domain.
>>
>> For example:
>>
>> In an environment running FreeIPA Server with Fedora or RHEL based
>> workstations, I would like to be able to introduce a few extra features
>> which initially may be pushed via a login script (maybe even configure a
>> dbus session as well, who knows?).
>>
>> My intentions here would be to be able to apply host specific policies as
>> well as have the option for user specific policies which would be applied
>> when the user logs in.
>>
>> Practically speaking, adding an attribute to LDAP to specify a login
>> script file name is easy enough, however actually fetching this is where I
>> am hoping for a bit of brainstorming. My thoughts would be the local user
>> would fetch the name of the login script via LDAP, and then perhaps fetch
>> the file from a shared resource on the FreeIPA masters in order to be
>> executed locally.
>>
>> LDAP is obviously replicated, however to my knowledge, there is no file
>> synchronization between masters. I am thinking something similar to the MS
>> equivalent of the SYSVOL data that replicates between MS Domain
>> Controllers. One option would be to store all data within LDAP, however
>> I've seen many scenarios where admins store CD ISOs in replicated domain
>> data, so I am not certain this would be the best option.
>>
>> With this replicated data folder, I would be able to store centrally
>> managed scripts which would be used for hosts or users, and then configure
>> the default user template on each workstation (/etc/skel/) to add the login
>> script file name which would be fetched from the user's LDAP attributes.
>>
>> Real world usability for what I am thinking of is a way to manage users
>> who can have their corporate email mailbox configured on login,
>> automatically setting the user's session to point to an internal SSO enabled
>> proxy server or perhaps any other number of things which an admin may wish
>> to achieve without the need to manually do the work themselves.
>>
>> Has anyone undertaken a similar scenario in their environments or would
>> perhaps have any suggestions on how to manage the centrally accessible file
>> stores?
>>
>> Many thanks
>> ----
>>
>> Specifically, I haven't fully implemented what you are asking but
>> obviously parts and pieces yes.
>>
>> One of the best features of Linux and all of its various toolsets is that
>> none are quite so overarching and the objectives are more focused. String
>> them together and you have a working tool set. As a system administrator,
>> you learn to pipe grep output to awk or sed or cut etc.
>>
>> SYSVOL <=> NFS and if that doesn't do it for you, check out Unison.
>>
>> I guess one of the temptations of FreeIPA is to try to make it exactly
>> like active directory. The FreeIPA developers are already doing an amazing
>> job without a ton of manpower.
>>
>> Craig
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go To http://freeipa.org for more info on the project
