Looking for a mentor/adviser

Craig White craigwhite at azapple.com
Sun Jan 31 18:48:27 MST 2010


On Sat, 2010-01-30 at 17:49 -0700, Sean Parsons wrote:
> Craig,
> 	I don't doubt that people do it. I made several honest attempts to
> research, understand and implement a Samba file server in an existing Small
> Business Server 2003 network using LDAP and Kerberos. I was not able to make
> it work, so I changed my plan and I asked if someone was willing to mentor
> me through another try. Since I didn't need multiple opinions, I just need
> to discover what I did wrong/what works, I wanted to avoid a large forum,
> and I'm sorry if that seems to keep upsetting people.
> 
> Here's what happened:
> 
> 	The how-tos were really vague for adding Samba to anything but the
> simplest Windows network (NT4), then most examples assumed I was building a
> standalone server with the same functionality, not adding one. Based on my
> research it looked like the process was straightforward and so I built a
> Ubuntu server (LAMPS) and I set out to join it to my domain.
----
vague? seriously? Samba has the best free documentation of any open
source project.

The Official Samba HowTo & Samba By Example both are available at
www.samba.org (linked on the main page). The HowTo is exhaustive
documentation developed over many years and the 'By Example' gives you a
complete walk through on many various scenarios of usage.

Using any other documentation is just stupid.
----
> 
> 	I knew I needed LDAP and Kerberos so I tried to set those up with
> Webmin, they attempted to alter my existing domain controller and things
> went horribly wrong. I recovered my DC from backup and tried it a second
> time using the CLI, but I was not able to find where settings were stored
> and again, I tried to use the example files from Samba.org as a model, not
> knowing what is needed or not, may have contributed to a second failure.
> Again I recovered my Server from backup and changed tactics.
----
you don't need LDAP to join a Linux server to AD. You have bad
information. Neither LDAP nor Kerberos has any ability to 'alter' an AD
controller. Bad information and bad conclusion.
----
> 
> 	I then tried to join a Linux workstation to the domain with
> "Likewise" and it worked, sort of. Small Business Server isn't just Windows
> Server 2003 with a new name. It adds Exchange and SQL has other scripted
> functionality embedded into AD which is why you have to use its wizards for
> everything. After joining I started to have problems as AD was not properly
> formatted when the workstation was joined. SBS uses the AD tables for more
> than just domain membership, we have Exchange, etc. that rely on it. So yes,
> it probably can be done, but it is not simple, nor is it intuitive, it is
> specific to the type of environment. My AD environment isn't broken, it
> required specific settings that couldn't be anticipated from the how to and
> guides I found on Samba.org. 
----
Again - Linux servers and workstations are joined to AD domains all over
the world without 'breaking' anything and I am quite aware of what SBS
is and Windows networking.
----
> 
> 	I asked in IRC #Samba, #ubuntu-server, #Ubuntu-us-az, and #plugaz
> several times for help to understand where I went wrong and nobody answered,
> or if they did, I was told "Oh that is really tricky and I never did
> it"..... Samba's documentation admits issues with non NT4 AD implementation
> and promises to fix it in V4, but I wanted to talk to someone who had done
> it and nobody answered. 
----
Samba 3.x cannot participate as a domain controller on an AD domain.
Documentation is quite clear. But it is relatively simple and benign for
it to join an AD domain as a member server/workstation. It works, it's
relatively simple and it is not hazardous to an AD domain whatsoever.

I think your statement 'Samba's documentation admits issues with non NT4
AD implementation and promises to fix it in V4' is completely flawed.

Craig



