On Tue, 2006-06-20 at 14:43 -0200, [EMAIL PROTECTED] wrote:
> The purpose of having Samba is connecting Windows clients to a
> non-Windows server.
But _how_ do you authenticate those Windows users? And _how_ do you map those UNIX/Linux and Windows objects? That's the "bigger picture" you're missing.

> And that's the reason many companies are deploying Linux and Samba.

But _how_ are they authenticating and mapping objects?

> So a LPIC-3-Samba certification is about building a robust
> infrastructure for serving Windows clients from Linux servers,
> nothing more.

*WHOA*! You're kidding me, right?

Let's even take the "UNIX/Linux client" out of the equation to start. Again, *HOW* are you authenticating/mapping UNIX/Linux and Windows objects? Are you just relying on local UNIX mechanisms? And offering _only_ ADS (NTLM/SAM) for network-based?

*OR* do you consider the fact we might want a _native_ UNIX/Linux solution? One that does _not_ require Winbindd? E.g., maybe a _native_ UNIX/Linux solution that synchronizes with ADS, but the or Samba server _never_ knows that (removing the requirement for Winbindd)?

So, again, I ask ... *HOW* are you authenticating/mapping UNIX/Linux and Windows objects? Don't give me "LDAP" as an answer -- get _specific_. E.g., I do _not_ have to use a NTLM server and a native Windows SAM on a PDC or ADS DC. That's a point I think you keep missing.

> This can't be done without server-side (Linux) AND client-side
> (Windows) skills, so both have to be tested.

Again, has *0* to do with my point.

I will ask the Microsoft/MCSE question again ... "Why get Linux certified if you just know how to connect Windows clients and nothing else? Our native Windows server solution supports Windows clients better!"

Seriously! Why would I hire a LPIC-3 if they only know how to make an UNIX/Linux server act like a Windows server and do _nothing_ else? Why would I run UNIX/Linux? Why? I'd hire the MCSE and put in a Windows Server.

That is my 100% _professional_ opinion. And you're going to find _many_ agree with me.
The whole reason for an UNIX/Linux foundation is to give a _true_ "open standards" network infrastructure. That means I'm interested in authenticating and mapping objects for Apache, NFS, Databases, etc... as well.

> I can't see how this devaluates the LPIC-3, and why no one would hire
> such a professional.

I would hire the MCSE and put in Windows Servers. Or I would hire the RHCA and put in Red Hat Enterprise Linux servers. I would _not_ hire a LPIC-3 certified individual. Period.

> Of course, if they want Windows servers they won't want LPICP's.

But what _value_ does such a LPIC-3 program bring? So, they know Samba -- how to authenticate locally or use a Windows ADS DC. So what? What does that _give_ me?! What "new capability" and "new flexibility" does that give me over Windows Servers? Really?

If you say Apache, then how? If I'm not authenticating Apache or mapping Apache credentials against a native UNIX/Linux "open standard" enterprise mechanisms, then why do I need UNIX/Linux? I don't!

> But if they want Linux servers they'll need LPICP-3-Samba.
> Having LPIC-3-Samba does not preclude you from having LPIC-3-LDAP
> and LPIC-3-whatever. Say you have a dozen file servers, all nicely
> integrated on a ldap-based infrastructure.

Stop quoting "LDAP" like it's some holy grail (that is "hard"). ;->

> You'll need many more samba experts to keep this network functioning
> than ldap experts to manage the central infrastructure.

Stop quoting "Samba" and "LDAP" like they are discrete. They are only _partial_ solutions to the problem.

I _expect_ "Samba" experts to know the first thing about network-wide authentication and objects. Unfortunately, over 90% do _not_ and I clean up their collective messes at many clients.

They don't have to be "LDAP" experts. But they _do_ have to understand that NTLM/SAM functions are _separate_ from RPC/SMB. Furthermore, they should know _how_ they don't have to use NTLM/SAM via Winbindd to get network-wide authentication.
This is the UNIX/Linux enterprise. Acting like it doesn't exist is why I can't stand the work of 90% of Linux consultants I run into. It's why I can't stand most of the HOWTOs out there. And it's why I have been writing a book, then a HOWTO and now just decided to start the ELResource on Wikia.

Because I, along with 10% of other people on most Linux support lists, am tired of the "cookbook" methods to enterprise management. We're the consultants constantly getting work and extremely positive referrals (and repeat business). Because we _solve_ the problem. We don't just "recommend and throw service X" at the problem.

> And you'll have lots of troubleshooting and capacity planning that
> are specific for samba, not touching anything related to OpenLDAP or
> Fedora Directory (former Netscape Directory).

You can't set up Samba without authenticating and mapping objects. Unless, of course, you just use the local UNIX mechanisms. But that's not enterprise networking. ;->

> The other way is also true, you'll have lots of work related to the
> directory servers that are not affected by samba. So you have
> positions for both kinds of experts, and you would also like to have
> someone who masters both.

For the last time, I'm _not_ talking about "directory server" mastery. I'm talking about _basic_ authentication and object mapping across a network.

> That said, I think it will be bad if we launch LPIC-3 with only LDAP
> and Samba exams. Taking an exam that does not grant certification has
> no value for professionals and employees. I don't see a strong need
> for professional with both expertises, but this may be my local
> environment only (Brazil).

Microsoft, Novell, Red Hat and Sun would _strongly_ disagree with you. You can_not_ have an "enterprise" network without mapping and authenticating credentials across it.

Now I've put forth my best effort to "separate" those auth/dir/name aspects from the file/print aspects. Winbindd is for the _former_, _not_ the latter.
And it is _not_ the only solution. In fact, it is a "last resort" solution to use for native Windows Server NTLM/SAM interaction when you don't have a native UNIX/Linux service.

> I know LPI has few resources to develop and deploy many tests, but
> shouldn't we launch at least three LPIC-3 exams instead of only two,
> so candidates can effectively choose their track on the LPIC-3
> program?

One step at a time. Don't be in a hurry to rush to various exams. We'll just lose focus.

> These are two different beasts. A&R does not imply virtualization,
> and virtualization is not only about A&R.

Ummm, _all_ of the consulting and "strategic planning" work I've done for EMC Corporation and HP in the financial industry would very much _disagree_ with you. I'm sure IBM, SuSE (Novell) and Red Hat would also say such.

Virtualization is _everything_ about "Availability and Redundancy." It's about being able to distribute and augment loads, recover systems from images and countless other details. It's the whole reason why EMC bought VMWare, why HP, IBM and others go at it (especially with their non-PC platforms), etc...

From the "enterprise" standpoint, it is _not_ about being able to run Windows XP alongside Linux Desktops. That would be covered in a "Desktop" exam (if that objective would even reach "critical mass").

> You won't be able to fold and market everything under general
> categories, because employees look for specific (product-based) skills.

Yes, and I have mentioned _many_, _specific_ services in _every_ case of these "8 domains." And trust me, I (among others who help me) am going to make the ELResource into not just "conceptual" overview, but a "practice" and "task" _specific_ resource for _everything_.

From "architectural" down to specific on how you are using Kerberos and GSSAPI to authenticate and ticket system and file access via NFS and SMB.

> And sometimes the product-specific

This isn't the "commercial software" world of "all-in-one products."
This is the "open standard" world of UNIX/Linux. We use _portions_ of "projects" and glue "piecemeal" solutions.

> skills are so big they justify an exam and certification per se.

And in the "real world," you accomplish many tasks by using _multiple_ solutions. Not only that, you often use only _part_ of a "project" as applicable.

Such as Winbindd when it comes to object authentication and mapping. Has _nothing_ to do with Samba file services and can be used for _other_ things.

ADS is many, _separate_ and sometimes _optional_ components that work together but have _nothing_ to do with SMB, but they are both part of Windows Server's enterprise services. Samba is many, _separate_ components that are _optional_ that may work together, and some have _nothing_ to do with SMB.

Furthermore, Samba is *INCOMPLETE* when it comes to how ADS works. And it's not a matter of "slapping on LDAP." Far from it.

Even Microsoft breaks up many aspects into concept-based exams, _not_ just "product name" ones. If you look at what's covered, you'll see some portions of ADS are in a complete _separate_ exam, while other network services fold back in to the ADS exams.

--
Bryan J. Smith     Professional, technical annoyance
mailto:[EMAIL PROTECTED]
http://thebs413.blogspot.com
----------------------------------------------------------
The existence of Linux has far more to do with the breakup
of AT&T's monopoly than anything Microsoft has ever done.

_______________________________________________
lpi-examdev mailing list
[email protected]
http://list.lpi.org/mailman/listinfo/lpi-examdev
