Linux compatible remote management tool

Hello everyone !

I’d like to know if anyone is aware of a decentralised tool for remote PC management. I’ll explain where I am coming from with this.

Let’s say that I have 3 kids. Depending on their attitude, maybe they have access to their PC, maybe they don’t.

I use timekpr-next for this. Now it requires me to log on as admin on each of their PCs just to change the allowed time values or not. Kinda lame, we would say.

We could also talk about blocking and webfiltering but pi-hole does this so it is not within the scope.

Now, is there a centralised tool that could administer the “slave” account spread over these PCs and more? If not, would looking into a timekpr-next fork be a good idea? Timekpr already works in a server-client fashion, but on a local machine.
To expand the idea, the server head could be on a docker in truenas scale and then integration with home assistant to have a lovelace card to lock out the kids from their computer from the touch of a finger.

I love to dream !

Have a good day !

1 Like

I managed using my router capabilities. Kid computers would not get internet time if they didn’t behave. That’s centralized and could be managed remotely within reason.

Worked for us for a long time because the kids only knew streaming services.

Sorry - saw that too late.

Haha it’s fine XD .

No, yeah, there are games on their PopOS PCs so I want to make sure that when the timer is done it’s enough (which timekpr does fine)… but when they badly behave, which happens a lot, or if it’s sunny outside, well, we want to be able to lock it out simply and quickly… not on a computer-by-computer basis

:wink: why is life always so simple ?!

So something like a PAM policy and some way of activating a screen saver on an existing session either remotely on demand or on timer?

… but easier?

I’m not familiar with PAM policy XD I’m guessing you mean parental control?!

Screen saver or user session lock-out
(Timekpr works by letting you log in and then, if the session does not have any remaining time, 3 or 4 seconds after log-in you get logged out.)

I actually meant Linux PAM and its modules.

Specifically, the account ones.

PAM is a library, various login screen / screensaver / network server software uses it to determine things like “does this user exist on this system and is it allowed to log in right now” and so on.

It’s modular and meant to be configurable by a sysadmin managing the box/machine/computer.

It has a bunch of commonly useful modules that it ships with, e.g. there’s this pam_time(8) that you can configure to be called, and it can limit access to certain accounts during certain times of day, and there’s pam_exec(8), which can be used to e.g. call a shell script or a Python script.


There’s also useful documentation here:
https://fossies.org/linux/Linux-PAM-docs/doc/sag/html/sag-configuration.html

You can look at your existing install - and with the help of the doc above, try to make sense of existing rules as an example exercise.


Not really simple nor easy, but PAM is fairly standard across various Linux distros. I don’t know if there are any GUI or web tools to help write/visualize the policies and PAM configs.
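The pam_exec(8) approach described above, as an added example that is not part of the original thread: an account-phase script that refuses login for managed accounts while a root-owned flag file exists. The directory /etc/kid-lock, the script path and the user names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical paths and names, not from the thread).
# Hook it into the PAM account stack, e.g. in /etc/pam.d/common-account
# on Debian-family systems:
#   account required pam_exec.so quiet /usr/local/sbin/pam-kid-lock
# pam_exec exports PAM_USER; a non-zero exit makes the account check fail.

# Flag directory: must be owned by root and not writable by the kids,
# otherwise a locked-out user can simply delete their own flag.
LOCK_DIR="${LOCK_DIR:-/etc/kid-lock}"
# Only these accounts are ever restricted (constructed sample names).
MANAGED_USERS="${MANAGED_USERS:-alice bob carol}"

is_managed() {
    for u in $MANAGED_USERS; do
        [ "$u" = "$1" ] && return 0
    done
    return 1
}

# access_decision USER -> returns 0 to allow, 1 to deny.
access_decision() {
    user="$1"
    # Accounts outside the managed list (parents, admins) are never
    # blocked here, so a bad flag cannot lock the administrator out.
    is_managed "$user" || return 0
    # Fail closed for managed accounts if the flag directory is missing.
    [ -d "$LOCK_DIR" ] || return 1
    # "all" locks every managed account at once; a file named after
    # the user locks just that account.
    [ -e "$LOCK_DIR/all" ] && return 1
    [ -e "$LOCK_DIR/$user" ] && return 1
    return 0
}

# Only act when invoked by pam_exec (PAM_USER is set in that case).
if [ -n "${PAM_USER:-}" ]; then
    access_decision "$PAM_USER"
    exit $?
fi
```

PAM account checks run at login or unlock time, so a session that is already open keeps running until it is ended separately, for example with `loginctl terminate-user`.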

I too need this, so keeping my eye on it!

1 Like

I do not have time to look into it in the coming days, but maybe I could try to contact the timekpr-next team to see if the same software could have a client and server version… if split, it would be way easier to implement as a local or remote set-up.

Then will come the Home Assistant integration… at this point, I have no idea at which tree to bark XD

Thanks for the help !

I’ll keep news and updates in this thread for reference.

why has no one said Active Directory? free (Samba4), managed with a gui (or cmd), controls accounts remotely, seems like what you are after?

Hmmm how would this work in a whole linux lan ? I know it is into truenas (core) maybe even scale but how can I integrate the user I would make in active directory to the linux client themselves ?

I’ll start looking into it

just join (bind) the linux machine to the AD environment then AD users can log on and do as they normally do on the PC. the account can be locked or unlocked from the AD server and schedules could even be done via cron or something if you really wanted to. or you can manage with 1 windows pc with RSAT installed if you want the AD users and computers GUI.

this is a common deployment for mixed networks but does get occasionally used in primarily linux environments where ease of account management is needed.

Yeah, I’ve been reading since your post about how to make an Active Directory on my TrueNAS machine, but it seems that it’s either make a VM and run Win Server or join one, but I am extremely against using Microsoft. I’ll keep looking… From what I gathered, I could have OpenLDAP software running, but it seems there is no integration in TrueNAS SCALE

no you don’t need to run any MS windows servers.

the TrueNAS core variant works fine but is odd to manage.

the real SAMBA4 install works a treat, it is what i run. i do have some windows end user computers. but my AD and DNS and everything is all linux. (and i use pihole too)

I’m a bit at a loss XD Samba4 is your AD?

I did also see two packages on truecharts : openldap and phpopenldap.

I have to restart another work week so until Sunday I will not have much time to fiddle with it, but I’ll try to set up a small AD

Now the fun part would be to find any integration with HA… this would be the summum!

Wow, massive info! Looking at this… I’ll get a used 1U server… I don’t think VM-ing it inside my old x9 sfm server is such a good idea with Emby that the kids use every day, Minetest server, Nextcloud+Collabora… I am lucky that I made a server room and that the room currently rests at 16 degrees C, because the CPU, in peaks, hits 70…

A little 1u controller running deb would not be that bad !

there is a guy in that thread running a debian AD server on a PI. Also the primary setup concern for making the DC work well is DNS. (as with any DC) in pihole you will need to check ‘Use Conditional Forwarding’ and then configure your DC info there. as an alternative you can chain your DC to pihole as a nexthop DNS server. this can add a small amount of delay during DNS requests though. i have had good luck using the conditional forwarder.

also, all clients joined to AD need to be synced to the same NTP source that the AD server is using. there are multiple ways to handle this, just don’t forget about it.

Ok, I use NIST through my pfSense router so for NTP I should be fine :smiley: