Re: Why people are not switching to Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 


----- Original Message -----
> From: "Pete Travis" <lists@xxxxxxxxxxxxxx>
> To: "Discussions about development for the Fedora desktop" <desktop@xxxxxxxxxxxxxxxxxxxxxxx>
> Sent: Thursday, May 7, 2015 3:48:00 PM
> Subject: Re: Why people are not switching to Fedora
> 
> 
> 
> 
> On May 7, 2015 1:32 PM, "Alex G.S." < alxgrtnstrngl@xxxxxxxxx > wrote:
> > 
> > Christian,
> > 
> ...
> 
> > ...Another issue is how Workstation integrates with Active Directory. It
> > would be amazing if I could log into Workstation using my AD credentials
> > and then have my machine register itself with the AD server. This would be
> > a game changer.
> > 
> > 
> > Best,
> > 
> > AlexGS
> > 
> 
> 
> It doesn't work like that; you need to tell the machine about the
> domain/realm and *then* it knows how to validate your credentials. That
> said, I last used gnome-settings to add an ad account, and it joined the
> domain along the way, and set up much of the stuff you'd be looking for. It
> was surprisingly, shockingly easy and painless.
> 

Right, you can thank realmd, adcli and SSSD for that :)

That being said, theoretically it could be possible for us to write a tool that looked for logins of the type "DOMAIN\username" and attempted to autotedetect the domain controllers for that domain from AD and *then* attempt to call realmd automatically with the provided username and password. But that's an awful lot of work for a dubiously-useful feature.

(This would work because AD's default is to allow any user account to join up to five machines without admin permission, although many deployments disable this feature and require an admin account for this purpose).

> But! You aren't going to get things like group policy on a Fedora box.
> Windows admins want to admin Windows; there will always be features
> 'missing' because they will always want it to be Windows...
> 


As the person developing and maintaining GPO support in SSSD on Fedora, I'd like to contradict that statement vehemently :)

At the moment, our support for group policy is limited to access-control authorization, but it's pluggable and should be expandable to support other group policy capabilities going forward.

-- 
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/desktop
[Index of Archives]     [Fedora Users]     [Fedora KDE]     [Fedora Announce]     [Fedora Docs]     [Fedora Config]     [PAM]     [Red Hat Development]     [Red Hat 9]     [Gimp]     [Yosemite News]

  Powered by Linux