Looking for a mentor/adviser

Sean Parsons sean at theparsonsfamily.com
Sun Jan 31 22:10:16 MST 2010


Craig,
	Again you assume facts not stated, exchange wasn't a factor. LDAP
was chosen because the documentation supported it AND I had used it
elsewhere with success, you decided it wasn't necessary and you don't know
my network or the facts, that is arrogant on your part. DCPromo wasn't used
as it runs on Windows boxes, not the Ubuntu server I was using, again you
assumed I'm an idiot and your ignorance is showing. You can't downgrade an
SBS server to a legacy mode because of Exchange, conversions are one way and
not reversible. Chapter 4 of the Samba manual discusses and clearly explains
the use of LDAP and recommends it's use, so where you get your facts from is
not clear to me, perhaps the manual is wrong. Since the LDAP configuration
occurs in several other chapters I have to wonder why it would be documented
if not supported, and since you have no first hand knowledge of my network,
you have to be pretty arrogant to tell me when or where I need it. 

	You accused me of not knowing my craft and you don't know the facts,
but as you pointed out and I openly admitted I didn't know what I was doing.
I read the documentation, and I made my best guess as to it's implementation
and it didn't work and there were serious consequences. That YOU can't
dispute, I have the proof in the failure, so you will have to accept them as
I didn't imagine it. The damage occurred when I was attempting to configure
and synchronize the Linux machine to my existing domain using webmin and the
information I obtained from the Samba website, again these are the facts and
you disputing them is calling me a liar. You keep saying I was building a
domain controller, I never said that, I said I was attempting to configure
LDAP and Kerberos to work with my existing domain controller, again you have
no idea what I was doing, but your sure I am making it up. I was attempting
to use the Single Sign On and use LDAP for the AD directory storage and
synchronization, which is discussed in the manual. I am familiar with it and
I have used it elsewhere. 

	If I knew what I was doing wrong, then I obviously wouldn't have
done it a second time to verify my results, which were the same, again facts
you can't dispute, unless you want to keep calling me a liar. The existing
Microsoft Domain controller stopped working and required a complete restore
to function again, not to mention every workstation having to be reset.
Whatever Winbind, LDAP and the Kerberos configurations I did (covered in the
manual), the minute I synced that Linux server to my domain controller is
stopped working, I was there and I have the Microsoft Trouble ticket for
them to do a post mortem and tell me what had happened, so again you are
being arrogant that you know everything and you know what I did wrong. The
fact that I screwed it up is still the fact, you just keep calling me a liar
when I explained what I did.

	I am new to Linux so I started with the UBUNTU server manual reading
up on Samba, and then I went to Samba.org to investigate something that was
made to sound relatively simple, create a file server to share files on a
windows network and use the single sign on capability in Samba. Did I
understand everything I read, I thought so, and the documentation seemed
reasonable and I followed it, and it contributed to a big problem. Why,
probably because I used my Microsoft experience to understanding the Samba
manual. Ok, so I screwed it up, you still don't have the right to call me a
liar and tell me I don't know my job because I tried something new and
attempted to expand my knowledge.

	As for your tone, I don't appreciate you attacking me and accusing
me of lying, when I clearly stated I was in error, it was my fault and that
I obviously misunderstood the manual. You accused me of fabricating the
facts, they are still true, I attempted to follow the manual relying on my
experience and I was wrong, but the manual gave me information and lead me
to those conclusions. You continue to attack my experience and you don't
know me, you didn't have all the facts, but you spout off that you know
everything and I'm a liar, that is just rude and arrogant.

	I still stand that my explanation is the record of the facts, your
assumptions are not based on you knowing what I did, where I went wrong and
what my abilities are. They are your opinions being defended by your
experience and nothing more.

	You can have the last word and post your response, but I am done and
I have nothing more to say.

Best wishes.


Sean Parsons


-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Craig
White
Sent: Sunday, January 31, 2010 9:26 PM
To: Main PLUG discussion list
Subject: RE: Looking for a mentor/adviser

On Sun, 2010-01-31 at 20:55 -0700, Sean Parsons wrote:
> Craig,
> 	You are the master, and I'm just an idiot with 20 years of Microsoft
> experience..... so you win, I'm totally wrong. 
> 
> I got nothing more to add, and no desire for this to continue to escalate.
> Thanks for your time, and best wishes for the future.
----
I suspect that what you actually did was to run dcpromo on your Windows
SBS server and set it to 'legacy domain controller' in order to have
your Samba server join the domain as a 'controller'. That of course,
immediately broke Exchange. Of course, this is just a guess. The only
reason you would need LDAP on Linux was if it was to be a domain
controller which the documentation clearly states that it cannot be a
domain controller on an AD domain.

I am not escalating anything nor am I all that invested in your setup
because I am only left to guess what you did. I am pretty confident that
you were groping and eager to try anything without understanding the
reasons and the ramifications.

I have seen many people who think that they understand Windows
networking but can't function beyond the wizards and GUI provided by
Microsoft, can not query LDAP from CLI, don't actually understand how
LDAP actually works, how to access it, how to extend it, etc.

I can appreciate the extreme difficulty of trying to configure LDAP when
you don't actually understand it because I learned it simultaneously
with Samba 3 right when Samba 3 was released and it made me pull my hair
out trying to learn them simultaneously and all the while I was thinking
that Samba 3 was pretty much like Samba 2 (it wasn't - it's just that
the commands looked the same). My advice... if you don't fully
understand Linux, learn that first. At the point you are comfortable
with Linux, learn Samba. At the point that you are fully comfortable
with Samba, learn LDAP (if you actually need it or want to use Samba as
a domain controller).

Recognize that until Samba 4 is actually usable (and it will still be
quite some time to reach that stage), you cannot use Samba as a domain
controller in any domain that uses 'Exchange Server' 2003 or newer
simply because Exchange Server 2003/2007 absolutely require current AD
structure. But you can have a separate domain and set up trusts between
your Samba domain and your AD.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



More information about the PLUG-discuss mailing list