Hello, Chris, Thanks for the valid point here with the licenses. I will try to verify this with the legal department and let you know.
Cheers, Ballock On Tue, Feb 12, 2013 at 1:32 PM, Chris Rowson <christopherrow...@gmail.com>wrote: > Hi there, > > That's really interesting (I'm going to squirrel that info away!). > > How do you deal with Active Directory licensing? Are you buying a Server > Client Access Licenses for each Ubuntu machine? > > Cheers, > > Chris > > > On Tue, Feb 12, 2013 at 12:26 PM, Bolesław Tokarski < > boleslaw.tokar...@tieto.com> wrote: > >> Hello, >> >> How do you solve the machine policies topic? >> >> I mean - how do you make sure that a Ubuntu machine in your environment >> runs according to some policies you specify? Microsoft defined this as a >> "Group Policy", perhaps the more general term is "System Configuration >> Management". >> >> As we found no product that does this out of the box (not sure about >> Centrify, though, but we couldn't afford it), we glued together a number of >> components to do the job. >> >> Firstly, we took CFEngine (www.cfengine.com) as the policy "enforcement" >> tool. This is a configuration automation tool. A valid choice would be >> Puppet as well, though we found CFEngine to be more lightweight and suits >> better for laptops. We defined a set of policies or configuration elements, >> like domain joining, authentication, firewall, VPN, etc. >> >> Secondly, we used cfgen >> (http://dozzie.jarowit.net/**trac/wiki/cfgen<http://dozzie.jarowit.net/trac/wiki/cfgen>), >> a configuration template solution for flexibility. >> >> Thirdly, we used plaintext, YAML-structured files to hold variables used >> for templating. This part seems trivial, but we allowed inheritance between >> the files, so we created sets of variables depending on country the machine >> originated from, the location the machine is in now (mostly for locating >> proxy servers and nearest mirror), the Active Directory domain the machine >> belongs to etc. We also provided a local override on the machines so the >> user can disable most policy enforcements (we preferred that over the user >> disabling the whole policy). >> >> Lastly, we decided to get all the possible information about a machine we >> could from Active Directory. We acquired: >> 1. The place in the directory structure (OU) where the machine object >> resides, that gave us the machine original location. >> 2. The IP subnet to AD "Sites and services" mapping, so we were able to >> tell by the machine's location where the machine is now. >> 3. The owner of the machine (managedBy property). >> 4. The groups a machine belongs to. >> >> Unfortunately, we could not get the native Group Policy properties of an >> object nor the ACLs of Active Directory objects. So, instead, we decided on >> a group naming convention. If a machine belongs to group called >> "policy_certificate", it receives the variables and policies for the >> "certificate" set. >> >> I would be glad to learn how other people approached the topic, solved >> it? Perhaps there are tools out there that we missed? >> >> Cheers, >> Ballock >> >> >> -- >> Mailing list: >> https://launchpad.net/~**enterprise-ubuntu<https://launchpad.net/~enterprise-ubuntu> >> Post to : >> enterprise-ubuntu@lists.**launchpad.net<enterprise-ubuntu@lists.launchpad.net> >> Unsubscribe : >> https://launchpad.net/~**enterprise-ubuntu<https://launchpad.net/~enterprise-ubuntu> >> More help : >> https://help.launchpad.net/**ListHelp<https://help.launchpad.net/ListHelp> >> > > > -- > Mailing list: https://launchpad.net/~enterprise-ubuntu > Post to : enterprise-ubuntu@lists.launchpad.net > Unsubscribe : https://launchpad.net/~enterprise-ubuntu > More help : https://help.launchpad.net/ListHelp > >
-- Mailing list: https://launchpad.net/~enterprise-ubuntu Post to : enterprise-ubuntu@lists.launchpad.net Unsubscribe : https://launchpad.net/~enterprise-ubuntu More help : https://help.launchpad.net/ListHelp
