\\o/ <- Me Waving

Post #158,600 by folkert 6/5/04 10:49:10 PM Reply	\\o/ <- Me Waving I can send you my smb.conf for use on linux and 8 smal scripts I wrote to make the SAMBA PDC seem nearly identiucal to a NT Domain. Means no AD though (whoopty who care) I also have a good reference I am re-writing to be more "distro neutral" I am \|\| this far away from having LDAP in place for golbal authentication... and then I can replicate away on everything. The only things I am not doing(yet) IS ldap and NTLMv2 as I have an OLD win95 box that will NOT use it, even though it can. There are TONS TONS of things you can do. Right now I have cups as my print backend, and I am just starting to load up the drivers for all the printers. I have some basic policies in place (some user and a few group) allowing me to control a few things. Roaming Profiles work great. I can use svrmgr.exe to manage the domain now (cept a few thing) I can add users and they will get UNIX account (if I want, which I do) and they will be the same passwd. I can add groups with specific SID. I have a software depot share, I can add users to groups (and be reflected in unix and samba) and remove them as well. I can establish domain trusts, workstation accounts(to join the domain) reset passwords remotely on workstations using swat, I also could if I wanted to have samba control the dynamicDNS updates. There are more things that I can't even begin to think of samba is now doing. Just make sure you start with 3.0.4 or later. Trust me, I just spent the entire afternoon rebuilding an upgrade gone sour from 3.0.2a to 3.0.4 because of the recent GDMFAHBSSM$ using QUALITY TESTING they use. "Hey! It builds! SHIP IT!" Twas a hung process that I didn't catch soon enough. Corrupting nearly all of the tdbs. The hung process was during a logrotate event. SUXXORZ. But SAMBA did still run, just after about 4-6 hours it would stop allowing NEW domain logins, but would still allow share mapping (which was the workaround) Enough... SAMBA is plenty light weight especially with LDAP and no winbind being needed (winbind does the external AD or domain authentication and automagic homedir creation etc...) Will be putting a neutered version of my smb.conf up for perusal. Sometime soon. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* I've decided to become a perfectionist. That way I'll have more reasons to hate people. Your recycled electrons annoy me. Please use new electrons.
Post #158,652 by broomberg 6/6/04 3:35:20 PM Reply	Sounds good I'm considering moving my consulting to an 80% Linux/Samba server environment, so this might help. With my regular job, though, the key issue is AD integration.
Post #158,683 by folkert 6/6/04 9:07:50 PM Reply	Well, quick question. Why would you need MADS when all of your Servers are SAMBA? You can join a Win 2K3/2K servers to a samba domain, easy peasy. You can manage them with MMC just like you could before. You just can't use MMC with the SAMBA Domain (for that SRVTOOLS are needed) Since you can do ~ 90% of the stuff in AD with a DOMAIN you might wanna consider going without AD. You can get the Kerberos to issue proper tickets and have LDAP do the replication stuff. Amoung other things. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* I've decided to become a perfectionist. That way I'll have more reasons to hate people. Your recycled electrons annoy me. Please use new electrons.
Post #158,709 by broomberg 6/6/04 11:52:50 PM Reply	No, you don't understand My regular job has LOTS of W2K servers. We have an AD FARM!!!!! I mean it. We have 12 servers DEDICATED to AD. We have 3 domains, which were kind of screwed up. And then Exchange started having problems. So the M$ company that was reviewing our setup said we NEEDED 12 boxes to handle our AD traffic in correct isolation. We ended up with 12 dual Xeon boxes JUST for that. People were NOT happy, but they were backed in a corner. I don't mind too much, because I now use it as an example of crappy technology put in by novices, which then burns you when you depend on it and it fails. Very convincing argument to doing things the right way.
Post #158,738 by pwhysall 6/7/04 2:09:48 AM Reply	Twelve? I could understand two per domain, but FOUR? Someone was getting some fine commission on THAT hardware deal. (If they're just DCs, dual processors aren't required, either) Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #158,761 by broomberg 6/7/04 6:41:56 AM Reply	Yup: Twelve And I believe it was 3 per domain, plus a bit over overhead. And yes, I'm sure that they are sitting 90% idle. But I'm not in the position to look at it too close. It was an emergency install, the whole thing done in about 48 hours, from start to finish, and they guarantee our email will never go down due to AD issues ever again. We will be consolidating domains in about 6 months, at which point most of the hardware will be redeployed. On hardware pricing side, we got a good deal. Same cost from this all-in-one vendor as our lowest discounted CDW price. These are HPs.
Post #158,783 by folkert 6/7/04 10:28:11 AM Reply	OUCH. Sounds like you have your SAMBA servers already. Use Winbind for the intergration... it just works REEL-GUUD. It can be configured to handle the three domains as well. Nifty schpifty. 12 machines... someone got schnookered. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* I've decided to become a perfectionist. That way I'll have more reasons to hate people. Your recycled electrons annoy me. Please use new electrons.
Post #158,800 by drewk 6/7/04 11:09:13 AM Reply	D'oh! Why didn't I ask here sooner (new thread) Created as new thread #158799 titled [link\|/forums/render/content/show?contentid=158799\|D'oh! Why didn't I ask here sooner] === Implicitly condoning stupidity since 2001.

Welcome to IWETHEY!