Before I get into a bit more detail with this question, I’d like to point out that I’m not looking for opinions. In my search on this topic, I did not find any solution, but because there are many Linux distros out there, I fear that I missed something.
If you have an answer but there are choices, feel free to narrow the answer to something more generic so I can do the research myself and form my own opinion.
The question
Many companies who have a physical server use Windows Server with Active Directory and Group Policy to manage the workstations on site. While it is also possible to use Microsoft 365 instead, I’m looking for a solution that can run completely off-grid.
Currently in my home lab, I run Windows Server with Active Directory and Group Policy with Windows-based computers. With people migrating to Linux, I think it will be a fun experiment to see if it is at all possible to recreate the setup completely using Linux.
This essentially means:
- File server running Linux (I know this one is possible, not looking for help with this one)
- Active Directory or similar on Linux, where this server manages the accounts, and other Linux computers join its domain in order to communicate login details with this server (is that possible?)
- Group Policy or similar to manage settings on Linux workstations. Not sure if this one is possible either, but I would like it to be possible to set up default settings using Group Policy, such as mount scripts for network shares, automatically push installation of applications, manage settings and security, that kind of thing.
- Optionally and not mandatory, but it would be really cool if this were possible: A Windows PC can join this domain and be managed similarly.
Is this even possible, and if not, what are some pointers to get me close to this solution, or is it so far-fetched that I do not even want to look into this at all? And if not, what would you normally do to manage Linux PCs from an administrative perspective?
My main concerns are these: If an employee got fired, I want to be able to disable their account to prevent security risks. In addition, network access should be restricted by the same account, with a policy that forces a password change and complex passwords, etc.