-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John H Terpstra wrote: > On Tue, 27 May 2003, Buchan Milne wrote: > > Throwing away SWAT is a bad option. SWAT is a source of access to > documentation as well as a means of configuring the system.
Sure, but some of it (Using Samba) is currently horridly out-of-date. > You will have > a big job on your hands to convince an MS Windows network admin who is not > versed in Unix to use a text editor like vi. I find they spend too much time setting 'valid users' every time they need to let another user get to a file, instead of adding another group and adding the required use to the group, and using unix permissions to solve it. IMHO, ksambaplugin is better for newbies, and vi+ssh+man smb.conf is more powerful for more experienced users. > > A better solution is to fix the defects in SWAT. Have you looked at the > wizard feature in SWAT? > Yes, it has been a big improvement, but is still lacking IMHO. > What can we do to make SWAT a better tool? > I have mentioned this before: allow vendor extensions to defualts. Take a look at this smb.conf (please ignore the extra comments for the moment, a beginner Windows admin in most cases will agree that samba can be tuned for performance if he sees that he can easily get the functionality he requires, but if he sees no functionality because it's hidden, will most likely assume samba is missing the features, and never get to tuning anyway): http://ranger.dnsalias.com/mandrake/samba/smb.conf Then, uncomment a few lines, and we have (this one is outdated compared to the previous one): http://ranger.dnsalias.com/mandrake/samba/smb-domain-controller.conf (BTW, this includes almost everything I have learnt about samba in 3 years running samba as a DC and PDC/BDC via LDAP, and saves me a lot of time when configuring samba for clients, on average 5 minutes of configuration to a working DC with customised login scripts, working profiles etc etc). If we run SWAT on the default smb.conf first (as many users do), we get: http://ranger.dnsalias.com/mandrake/samba/smb-swat.conf Sure, it's 18k smaller (but interms of the performance hit, should samba be reading the whole config file, if it hasn't been modified since the current smbd was started?), but there is no way the user is going to get any of these configs without a lot of wasted time: In [global] add user script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u domain admin group = root @wheel @adm In [netlogon]: #Uncomment the following 2 lines if you would like your login scripts to #be created dynamically by ntlogon (check that you have it in the correct #location (the default of the ntlogon rpm available in contribs) root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon/ root postexec = rm -f /var/lib/samba/netlogon/%U.bat In [profiles]: # This script can be enabled to create profile directories on the fly root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \ then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi > The use of tools that do not know the config parameters of the current > version of Samba will bite your hand also. > Sure, I believe that a better method, such as a standard for hints given to config files based on some sort of schema needs to be developed. The schema would allow extension to be able to provide sane defaults customised to the OS/distro, based on what other software is avialable, default share locations etc. > I am not trying to convince you to use SWAT, I jsut want to get a sane > resolution on the matter. It seems that your solution is to throw the baby > out with the bath water just because it soils it's diaper once in a while. Since I'm the one cleaning the diaper, and not getting to play with the baby, you will note I have some motivation to do so ;-). But I haven't yet ... so my current stock answer on how to configure samba is: 1)Don't use swat, since the default configuration is definitely good enough for you until you figure out what samba does for you by default (ie usually homes share and printers share are enough for home users, and a good start for business users) 2)Use smbpasswd -a <username> for each user who needs to access samba, and 99% of your problems are solved. I find many cases where people change the homes share to be browseable, instead of adding an smbpasswd for a user, or adding a printer share in via SWAT instead of ensuring that they can actually print to it from the server (Mandrake ships with CUPS only now) first. Since I support samba on many non-samba forums (Mandrakeusers.org, MandrakeClub.com, LUG lists) I often see mistakes users make long before they even get to the samba list ... Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+06q1rJK6UGDSBKcRAjtHAKC0NP8oTPYRdgmDB8i7MH3BvpRIEQCfe6h5 Tk+4GRDycrF6lUR6aS55mx0= =fuWM -----END PGP SIGNATURE----- ****************************************************************** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer. ******************************************************************
