I have always been exposed to Windows Active Directory with server-controlled logins, server-based “home” directories, etc. With the nature of NixOS it seems like it might be easy to deploy something similar by just setting up the configuration.nix as some sort of symlink to one stored on a central server. The only issue would possibly be how to not create home directories on the local machine and instead store them on the server. You might be able to make a central passwd file that gets read, but I am not sure just how secure that would be. Thoughts?

  • moonpiedumplings@programming.dev (17 upvotes, 8 months ago)

    The person telling you to “learn what AD is” is kinda a douche, but they aren’t wrong.

    AD is mainly 3 components in one:

    • Configuration management across a variety of machines
    • Shared logins
    • Shared user data across many machines

    All of these are doable on Linux. In many ways. Many, many ways. That you have to set up yourself.

    For configuration management, do you want Ansible, Puppet, Chef, Nix, etc?

    For shared logins, do you want OpenLDAP, lldap, Red Hat’s LDAP, etc?

    For shared user data, do you want NFS, systemd-homed, or something else?

    And for all of those, you have to evaluate, maybe test, and then select a solution, and then set it up yourself in a resilient manner.

    NixOS, as a server distro, can host the relevant services needed for this. As a desktop distro, it can also do configuration management. But that’s missing the point of AD, in my opinion.

    The point of AD, and how it managed to become so popular, is that it is all of those, in an all-in-one solution that is simple to use (joining Windows machines to a domain is trivial), and it also comes with paid support.

    Even if you were to build your own alternative on NixOS, which would be a lot of tinkering and twiddling, then you would end up with some of the same core features, but you would have to maintain, secure, etc, it yourself, and not having to do those to such an extent is why people buy Active Directory. There would be no alternative to things like Group Policy; instead you would be writing your own Nix code.

    So yeah. Unless someone comes along and builds an all-in-one solution on top of NixOS, NixOS isn’t really an alternative to Active Directory. You can replicate the core features. But it’s not an alternative.

    • shortwavesurfer (OP) (4 upvotes, 8 months ago)

      This was very informative and a good explanation. So thank you. That’s very much appreciated.

    • Kualk@lemm.ee (1 upvote, 8 months ago)

      I did not have time to write all of this and be certain I didn’t miss something.

      So I summarized it into “learn the topic to understand the question is meaningless.”

      AD roaming, AD SSO, policies, etc.