Why people are not switching to Fedora

Stephen Gallagher sgallagh at redhat.com
Thu May 7 20:04:07 UTC 2015 


----- Original Message -----
> From: "Pete Travis" <lists at petetravis.com>
> To: "Discussions about development for the Fedora desktop" <desktop at lists.fedoraproject.org>
> Sent: Thursday, May 7, 2015 3:48:00 PM
> Subject: Re: Why people are not switching to Fedora
> 
> 
> 
> 
> On May 7, 2015 1:32 PM, "Alex G.S." < alxgrtnstrngl at gmail.com > wrote:
> > 
> > Christian,
> > 
> ...
> 
> > ...Another issue is how Workstation integrates with Active Directory. It
> > would be amazing if I could log into Workstation using my AD credentials
> > and then have my machine register itself with the AD server. This would be
> > a game changer.
> > 
> > 
> > Best,
> > 
> > AlexGS
> > 
> 
> 
> It doesn't work like that; you need to tell the machine about the
> domain/realm and *then* it knows how to validate your credentials. That
> said, I last used gnome-settings to add an ad account, and it joined the
> domain along the way, and set up much of the stuff you'd be looking for. It
> was surprisingly, shockingly easy and painless.
> 

Right, you can thank realmd, adcli and SSSD for that :)

That being said, theoretically it could be possible for us to write a tool that looked for logins of the type "DOMAIN\username" and attempted to autotedetect the domain controllers for that domain from AD and *then* attempt to call realmd automatically with the provided username and password. But that's an awful lot of work for a dubiously-useful feature.

(This would work because AD's default is to allow any user account to join up to five machines without admin permission, although many deployments disable this feature and require an admin account for this purpose).

> But! You aren't going to get things like group policy on a Fedora box.
> Windows admins want to admin Windows; there will always be features
> 'missing' because they will always want it to be Windows...
> 


As the person developing and maintaining GPO support in SSSD on Fedora, I'd like to contradict that statement vehemently :)

At the moment, our support for group policy is limited to access-control authorization, but it's pluggable and should be expandable to support other group policy capabilities going forward.

More information about the desktop mailing list