Looking for a mentor/adviser

[Craig White]

On Sun, 2010-01-31 at 22:10 -0700, Sean Parsons wrote:
> Craig,
> 	Again you assume facts not stated, exchange wasn't a factor. LDAP
> was chosen because the documentation supported it AND I had used it
> elsewhere with success, you decided it wasn't necessary and you don't know
> my network or the facts, that is arrogant on your part. DCPromo wasn't used
> as it runs on Windows boxes, not the Ubuntu server I was using, again you
> assumed I'm an idiot and your ignorance is showing. You can't downgrade an
> SBS server to a legacy mode because of Exchange, conversions are one way and
> not reversible. Chapter 4 of the Samba manual discusses and clearly explains
> the use of LDAP and recommends it's use, so where you get your facts from is
> not clear to me, perhaps the manual is wrong. Since the LDAP configuration
> occurs in several other chapters I have to wonder why it would be documented
> if not supported, and since you have no first hand knowledge of my network,
> you have to be pretty arrogant to tell me when or where I need it. 
> 
> 	You accused me of not knowing my craft and you don't know the facts,
> but as you pointed out and I openly admitted I didn't know what I was doing.
> I read the documentation, and I made my best guess as to it's implementation
> and it didn't work and there were serious consequences. That YOU can't
> dispute, I have the proof in the failure, so you will have to accept them as
> I didn't imagine it. The damage occurred when I was attempting to configure
> and synchronize the Linux machine to my existing domain using webmin and the
> information I obtained from the Samba website, again these are the facts and
> you disputing them is calling me a liar. You keep saying I was building a
> domain controller, I never said that, I said I was attempting to configure
> LDAP and Kerberos to work with my existing domain controller, again you have
> no idea what I was doing, but your sure I am making it up. I was attempting
> to use the Single Sign On and use LDAP for the AD directory storage and
> synchronization, which is discussed in the manual. I am familiar with it and
> I have used it elsewhere. 
> 
> 	If I knew what I was doing wrong, then I obviously wouldn't have
> done it a second time to verify my results, which were the same, again facts
> you can't dispute, unless you want to keep calling me a liar. The existing
> Microsoft Domain controller stopped working and required a complete restore
> to function again, not to mention every workstation having to be reset.
> Whatever Winbind, LDAP and the Kerberos configurations I did (covered in the
> manual), the minute I synced that Linux server to my domain controller is
> stopped working, I was there and I have the Microsoft Trouble ticket for
> them to do a post mortem and tell me what had happened, so again you are
> being arrogant that you know everything and you know what I did wrong. The
> fact that I screwed it up is still the fact, you just keep calling me a liar
> when I explained what I did.
> 
> 	I am new to Linux so I started with the UBUNTU server manual reading
> up on Samba, and then I went to Samba.org to investigate something that was
> made to sound relatively simple, create a file server to share files on a
> windows network and use the single sign on capability in Samba. Did I
> understand everything I read, I thought so, and the documentation seemed
> reasonable and I followed it, and it contributed to a big problem. Why,
> probably because I used my Microsoft experience to understanding the Samba
> manual. Ok, so I screwed it up, you still don't have the right to call me a
> liar and tell me I don't know my job because I tried something new and
> attempted to expand my knowledge.
> 
> 	As for your tone, I don't appreciate you attacking me and accusing
> me of lying, when I clearly stated I was in error, it was my fault and that
> I obviously misunderstood the manual. You accused me of fabricating the
> facts, they are still true, I attempted to follow the manual relying on my
> experience and I was wrong, but the manual gave me information and lead me
> to those conclusions. You continue to attack my experience and you don't
> know me, you didn't have all the facts, but you spout off that you know
> everything and I'm a liar, that is just rude and arrogant.
> 
> 	I still stand that my explanation is the record of the facts, your
> assumptions are not based on you knowing what I did, where I went wrong and
> what my abilities are. They are your opinions being defended by your
> experience and nothing more.
> 
> 	You can have the last word and post your response, but I am done and
> I have nothing more to say.
----
ok then...

There is absolutely no reason to use LDAP on a Linux (or UNIX) system
that merely wants to to join AD as a domain member.

There is no documentation anywhere on Samba's web site that says
otherwise. None.

You should configure kerberos on this Linux (or UNIX) system that wants
to join as a domain member.

Running LDAP on Samba system would only be useful if the Samba system is
to be a domain controller which is why I guessed that you ran dcpromo on
the SBS server. I clearly stated that I was guessing because that would
explain your breaking Exchange/AD.

I am unaware of any reliable reports to Samba.org that suggest 'joining'
a Samba system to AD has caused failure in AD.

If you feel that their documentation or the process of joining as an AD
'domain member' is at issue, the reasonable thing to do is to report
these problems so they can be fixed. That is the open source way.

I did not call you a liar anywhere but I can tell that you take
everything very personally and I am sorry about that. I was rather
bothered by your report that joining a Samba system to AD can break AD
(it can't) but even more bothered by your inability to separate my clear
statements about what is required to join a Samba system to AD (LDAP :
No, Kerberos : In most instances). I have been very precise with my
explanations but you have been most general and pre-occupied with tone
and ego.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.