Re: [Samba] Re: LDAP account management tools?

2005-12-19 Thread Matt Lung



Craig White wrote:


On Thu, 2005-12-15 at 10:32 -0500, Matt Lung wrote:

 



There are lots of resources for getting support - this list is user
supported for free. Expecting personal attention to one's situation is
probably not reasonable. You can always contract for support, setup
assistance, etc.

Craig



 

Agreed, there are lots of resources for getting help.  Of course 
expecting personal attention to one's problems is not always going to 
happen on a free platform.  When I post to this list however I am asking 
for personal attention every time.  If someone gives that attention back 
is another thing.  But it is free support so you always must keep that 
in mind.  Contracting for support for getting say your home network 
going???  Who is going to want to do that?  Samba is not just used as an 
Enterprise server application.  I'm just suggesting making it easier to 
setup and maintain so just keep an open mind. 
   



 


of course home networking isn't going to involve LDAP (unless you are at
my house) so that isn't an issue and most of the distributions give you
a tool to configure samba for your home network now or you can always
use swat.

 


This list is simply users helping users and infrequently, when someone
is fortunate enough to have properly researched their problem and stated
it simply and clearly enough, they will get answers from samba
developers. 


These simple facts remain...
- open source usage requires the implementer to get involved in the
configuration details.

- there aren't always nice, neat gui tools for these configuration
issues...remember, UNIX/Linux is about text based configuration files
and the gui tools tend to make a bludgeon of things that in text
form...can be organized, logical and easy enough to change with a simple
editor.

- samba has the best documentation that I am aware of all open source
projects and because of the detail/scope/breadth, people don't want to
read it and instead, want to use the mail lists instead.

- if we are talking about a business and there's no one on staff capable
of handling the issues involved, businesses pay for support.

Craig

 



The simple fact was I was just asking if there were plans for a nice 
web-based server configuration/administration tool that would be offered 
up by the Samba team.   Since you're either part of the Samba Team or are 
speaking on their behalf, you could have simply said we don't have the 
developers to take on a project like this, or simply said NO we are not 
even thinking of doing a project like that.  Good discussion though. 


Matt


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Re: LDAP account management tools?

2005-12-19 Thread Craig White
On Mon, 2005-12-19 at 07:10 -0500, Matt Lung wrote:
 
 Craig White wrote:
 
 On Thu, 2005-12-15 at 10:32 -0500, Matt Lung wrote:
 
   
 
 
 There are lots of resources for getting support - this list is user
 supported for free. Expecting personal attention to one's situation is
 probably not reasonable. You can always contract for support, setup
 assistance, etc.
 
 Craig
 
  
 
   
 
 Agreed, there are lots of resources for getting help.  Of course 
 expecting personal attention to one's problems is not always going to 
 happen on a free platform.  When I post to this list however I am asking 
 for personal attention every time.  If someone gives that attention back 
 is another thing.  But it is free support so you always must keep that 
 in mind.  Contracting for support for getting say your home network 
 going???  Who is going to want to do that?  Samba is not just used as an 
 Enterprise server application.  I'm just suggesting making it easier to 
 setup and maintain so just keep an open mind. 
 
 
 
   
 
 of course home networking isn't going to involve LDAP (unless you are at
 my house) so that isn't an issue and most of the distributions give you
 a tool to configure samba for your home network now or you can always
 use swat.
 
   
 
 This list is simply users helping users and infrequently, when someone
 is fortunate enough to have properly researched their problem and stated
 it simply and clearly enough, they will get answers from samba
 developers. 
 
 These simple facts remain...
 - open source usage requires the implementer to get involved in the
 configuration details.
 
 - there aren't always nice, neat gui tools for these configuration
 issues...remember, UNIX/Linux is about text based configuration files
 and the gui tools tend to make a bludgeon of things that in text
 form...can be organized, logical and easy enough to change with a simple
 editor.
 
 - samba has the best documentation that I am aware of all open source
 projects and because of the detail/scope/breadth, people don't want to
 read it and instead, want to use the mail lists instead.
 
 - if we are talking about a business and there's no one on staff capable
 of handling the issues involved, businesses pay for support.
 
 Craig
 
   
 
 
 The simple fact was I was just asking if there were plans for a nice 
 web-based server configuration/administration tool that would be offered 
 up by the Samba team.   Since you're either part of the Samba Team or are 
 speaking on their behalf, you could have simply said we don't have the 
 developers to take on a project like this, or simply said NO we are not 
 even thinking of doing a project like that.  Good discussion though. 

there is of course swat

and I am speaking on my own behalf and I have little knowledge of the
toolsets under development either in the 3.x or 4.x branches.

You should consider webmin http://www.webmin.com if you want a web
based interface to access/interact the smb.conf but I find that it makes
a mess of my organization of the smb.conf file and don't use it for that
purpose.

Craig



Re: [Samba] Re: LDAP account management tools?

2005-12-19 Thread Graham Leggett
Craig White said:

 there is of course swat

 and I am speaking on my own behalf and I have little knowledge of the
 toolsets under development either in the 3.x or 4.x branches.

 You should consider webmin http://www.webmin.com if you want a web
 based interface to access/interact the smb.conf but I find that it makes
 a mess of my organization of the smb.conf file and don't use it for that
 purpose.

The Fedora Directory server console has looked promising - did some
digging over the weekend to find out how hard it would be to teach it how
to handle the Samba objectclasses natively.

When I get some time, going to see if I can get any progress on it.

Regards,
Graham


Re: [Samba] Re: LDAP account management tools?

2005-12-19 Thread Craig White
On Mon, 2005-12-19 at 15:49 +0200, Graham Leggett wrote:
 Craig White said:
 
  there is of course swat
 
  and I am speaking on my own behalf and I have little knowledge of the
  toolsets under development either in the 3.x or 4.x branches.
 
  You should consider webmin http://www.webmin.com if you want a web
  based interface to access/interact the smb.conf but I find that it makes
  a mess of my organization of the smb.conf file and don't use it for that
  purpose.
 
 The Fedora Directory server console has looked promising - did some
 digging over the weekend to find out how hard it would be to teach it how
 to handle the Samba objectclasses natively.
 
 When I get some time, going to see if I can get any progress on it.

If you look at the fedora directory list archives, I was asking about
that. It would seem to be mostly html.

But this is for LDAP management and not for editing configuration files
for samba.

BTW - I actually use webmin's LDAP Users and Groups with both openldap
and fedora directory server to edit users and groups. The topic started
as account management tools and migrated over to samba configuration
tools. The folks from idealx also have an account management web based
server.

Craig



Re: [Samba] Re: LDAP account management tools?

2005-12-19 Thread Graham Leggett

Craig White wrote:


If you look at the fedora directory list archives, I was asking about
that. It would seem to be mostly html.

But this is for LDAP management and not for editing configuration files
for samba.


The Fedora Directory console's tool for editing objects in the directory 
has views of different objectclasses, giving a more specific editing 
interface than the generic edit this attribute.


Some of the views include groups, persons, an NT user (for their 
legacy Windows NT integration). The idea was to extend this into a 
Samba user, Samba group, Samba Domain, etc.


Regards,
Graham

Re: [Samba] Re: LDAP account management tools?

2005-12-19 Thread Craig White
On Mon, 2005-12-19 at 21:40 +0200, Graham Leggett wrote:
 Craig White wrote:
 
  If you look at the fedora directory list archives, I was asking about
  that. It would seem to be mostly html.
  
  But this is for LDAP management and not for editing configuration files
  for samba.
 
 The Fedora Directory console's tool for editing objects in the directory 
 has views of different objectclasses, giving a more specific editing 
 interface than the generic edit this attribute.
 
 Some of the views include groups, persons, an NT user (for their 
 legacy Windows NT integration). The idea was to extend this into a 
 Samba user, Samba group, Samba Domain, etc.

that is specifically what I was referring to...I called them 'templates'
for lack of a better term but I like your 'views' terminology better.

The code for those is actually html.
ls -l /opt/fedora-ds/clients/dsgw/config/

Craig



Re: [Samba] Re: LDAP account management tools?

2005-12-19 Thread Graham Leggett

Craig White wrote:


that is specifically what I was referring to...I called them 'templates'
for lack of a better term but I like your 'views' terminology better.

The code for those is actually html.
ls -l /opt/fedora-ds/clients/dsgw/config/


The code I found was in mcc70.jar, which implements the console 
management system in Java. Seems if it's done there, it would have to be 
done in the dsgw/html section as well.


Regards,
Graham

Re: [Samba] Re: LDAP account management tools?

2005-12-19 Thread Beast

Graham Leggett wrote:

Craig White wrote:


If you look at the fedora directory list archives, I was asking about
that. It would seem to be mostly html.

But this is for LDAP management and not for editing configuration files
for samba.



The Fedora Directory console's tool for editing objects in the directory 
has views of different objectclasses, giving a more specific editing 
interface than the generic edit this attribute.


Some of the views include groups, persons, an NT user (for their 
legacy Windows NT integration). The idea was to extend this into a 
Samba user, Samba group, Samba Domain, etc.




Something like this might be useful for fresh people migrating from NT:

http://sum.i6x.org/sum/depan.html

And as usual, volunteer needed ;-)


--

--beast



Re: [Samba] Re: LDAP account management tools?

2005-12-15 Thread Beast

Matt Lung wrote:
Are there any plans for the Samba team to implement their own set of 
web-based graphical tools to control accounts and servers?  The 
Directory server that Redhat Enterprise and Fedora are pushing is 
looking good, but how involved is the Samba team with that?
phpLdapAdmin and LAM are excellent products, but it sure would be nice 
if the tool was coming right from the Samba team, and it pretty much did 
it all.  From walking you through setting up the server, initializing 
your LDAP directory, to administration of the directory and server.   
Maybe you have plans for this, maybe you don't.  I'm just curious.




Since Samba cannot work without other software, what we need is a 
full linux distro for Samba (complete replacement of Windows NT = NT 
Killer :-)



--

--beast



Re: [Samba] Re: LDAP account management tools?

2005-12-15 Thread Andreas Haumer

Hi!

Craig White wrote:
 On Wed, 2005-12-14 at 21:52 +0100, Andreas Haumer wrote:
 
[...]

And for me (and I'm sure for many others, too) Samba
(read: the release of Samba3 with much improved LDAP
support) was the main reason to dive deep into the universe
of LDAP directories and account databases.
 
 
 don't stop there - LDAP offers much more than just account management
 for posixAccounts and sambaSamAccounts.
 
 
True. I never claimed the opposite :-)

[...]

This even might be sort of a standardisation driving force
for LDAP system account database structure. Currently there
doesn't seem to exist such standard (apart from very basic
things)
 
 
 The problem with this is right from the base, everybody's structure is
 going to be different. What works for a small company isn't going to
 work for a medium size company which isn't even going to slightly
 resemble what the DIT would look like for a big company.
 
I don't agree here, or at least I don't agree with the
implications this statement has.

a) If everybody's structure really is different, IMHO we have
   something fundamentally wrong. It would also be a nightmare
   for maintainers of LDAP client software like Samba and others.
   It is also not true even now: There _are_ similar concepts used
   in all HOWTOs, books etc. about LDAP , but at a (IMHO) low level
   and there is much room for improvement.

b) From my experience (I have set up dozens of Linux File/Printer/
   Mail/VPN/etc. servers using LDAP account databases for small and
   medium sized companies) a standardized LDAP database structure
   _does_ fit systems from a few to, let's say, several hundred users,
   from the typical single-server-small-office-network to the larger
   network with dozens of servers and many services distributed over
   several locations and several departments. It took me quite some
   time to put together the LDAP database structure, all the tools
   needed and tweak them to work together seamlessly, though.

 LDAP is by nature not designed to have a specific shape or style
 (standardization as you put it) and if you are constrained into thinking
 that the structure is to be dictated by Samba (as proxy for Microsoft),
 then you probably ought to just use Microsoft AD as they have already
 configured the parts they are interested in. For the record, Microsoft

I read this statement several times now and I can't help but
thinking that you must be kidding.

 didn't create LDAP. I am continually finding more uses for LDAP and
 those have nothing to do with Samba at all. 
 
Of course I don't say Samba has to dictate something here
(it can't, anyway), but I think Samba plays an important role
in this game which puts it into a special position.

I currently use LDAP databases for PAM, NSS, Samba, RADIUS,
Mail, Addressbook, User-Preferences, User authentication in
various applications and other purposes and it works fine.
But it's hard work to have everything work together in the
beginning as many components have their own idea of how LDAP
is to be used. It's the lack of standardization that makes
things hard.

Read the various books written by most prominent members of the
Samba community. They talk about all this. But IMHO we have to
do the next step and reduce entropy a little bit more.
I think we are currently at the beginning of what might be _the_
standard way to set up Unix/Linux networks in maybe 5 years from
now. I really would like to see this happen!

Just my 2 €-cent... :-)

- andreas

PS: Jerry: maybe this all means that you have to write
LDAP System Administration, 2nd edition, soon :-)

--
Andreas Haumer | mailto:[EMAIL PROTECTED]
*x Software + Systeme  | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71


Re: [Samba] Re: LDAP account management tools?

2005-12-15 Thread Raúl D. Pittí Palma

Andreas Haumer wrote:


b) From my experience (I have set up dozens of Linux File/Printer/
  Mail/VPN/etc. servers using LDAP account databases for small and
  medium sized companies) a standardized LDAP database structure
  _does_ fit systems from a few to, let's say, several hundred users,
  from the typical single-server-small-office-network to the larger
  network with dozens of servers and many services distributed over
  several locations and several departments. It took me quite some
  time to put together the LDAP database structure, all the tools
  needed and tweak them to work together seamlessly, though.

 



Hey! Please share your LDAP database structure; I found that part the 
most time consuming when you are creating a new domain, or an LDAP server 
able to support multiple apps (samba, mail, locally developed software, 
vpn, etc.).
Any case study or some notes you would like to share, I can help with 
the QA of the manual and the typing of the document, although English 
is not my first language :D


--

Raúl D. Pittí Palma
Associate
Global Engineering and Technologies
mobile (507)-6616-0194
office (507)-264-2362
Republic of Panama
www.globaltecsa.com 




Re: [Samba] Re: LDAP account management tools?

2005-12-15 Thread Matt Lung



Beast wrote:


Matt Lung wrote:

Are there any plans for the Samba team to implement their own set of 
web-based graphical tools to control accounts and servers?  The 
Directory server that Redhat Enterprise and Fedora are pushing is 
looking good, but how involved is the Samba team with that?
phpLdapAdmin and LAM are excellent products, but it sure would be 
nice if the tool was coming right from the Samba team, and it pretty 
much did it all.  From walking you through setting up the server, 
initializing your LDAP directory, to administration of the directory 
and server.   Maybe you have plans for this, maybe you don't.  I'm 
just curious.




Since Samba cannot work without other software, what we need is a 
full linux distro for Samba (complete replacement of Windows NT = NT 
Killer :-)



I don't necessarily think we need a full Linux distro for Samba at all.  
I was just suggesting the Samba suite should incorporate some sort of 
web-based application to aid in the configuration and management of its 
server(s).  Granted it is not Samba that should dictate what everyone's 
LDAP directory should contain or look like, but in a sense samba already 
is.  You need certain parameters stored inside that LDAP database that 
are required by the samba code to function.  You need the LDAP database 
itself for your server to function.  Adding different attributes or 
schemas to your directory to take advantage of other software accessing 
the directory is still available to you.  Just because you start off 
using LDAP for Samba doesn't mean you're stuck only using it for that.


Really in the case of Samba you do have a specific shape and style you 
must conform to in order to get your server working.  It must be 
followed to the T every time or it will not work.  So simply telling 
everyone that they should just run off and use Microsoft AD if you think 
LDAP structure should be dictated is ridiculous.  When it comes down to 
it at the end of the day you and I are using Samba to control Microsoft 
Windows clients and serve them files.  The whole goal here should be to 
start making it just as easy to install, configure and manage as a 
Microsoft AD server acting as a PDC. 

Right now, it isn't.  It could be with some work though.  I believe new 
users will continue to struggle until there is some sort of wizard type 
setup that will aid in the configuration of their Samba servers.  If 
they use a wizard and get setup what they want they will be happy.  
Maybe some of them will leave it at that and never look any deeper, or 
maybe others will need to dig down and start learning how Samba really 
works or how LDAP really works, and start customizing.  Most that are 
just starting out they try this and they hit a road block and become 
frustrated they ask for help on this list and most get chastised for 
asking a simple question.  The inevitable answer is read the 
documentation.  A lot of times it gets pretty nasty too.  Why don't you 
make a separate list for new samba users to post simple startup 
questions to??  I'd run back to Microsoft in an instant too if I was new 
looking for help and that happened to me.  Doing something like this 
to make startup easier is only going to help this project and further 
promote switching from Microsoft servers to Samba servers, or switching 
to Linux in general. 




Re: [Samba] Re: LDAP account management tools?

2005-12-15 Thread Craig White
On Thu, 2005-12-15 at 09:20 -0500, Matt Lung wrote:

 Right now, it isn't.  It could be with some work though.  I believe new 
 users will continue to struggle until there is some sort of wizard type 
 setup that will aid in the configuration of their Samba servers.  If 
 they use a wizard and get setup what they want they will be happy.  

I think that is the point of smbldap-tools and most specifically
smbldap-populate - sort of a turnkey approach to getting the Windows
expected/Samba  LDAP implemented base setup.

 Maybe some of them will leave it at that and never look any deeper, or 
 maybe others will need to dig down and start learning how Samba really 
 works or how LDAP really works, and start customizing.  Most that are 
 just starting out they try this and they hit a road block and become 
 frustrated they ask for help on this list and most get chastised for 
 asking a simple question.  The inevitable answer is read the 
 documentation.

How do you deal with people that already have their users and groups
setup? Is basic LDAP setup/configuration part of Samba responsibility?

   A lot of times it gets pretty nasty too.  Why don't you 
 make a separate list for new samba users to post simple startup 
 questions to??

I don't see it getting nasty

   I'd run back to Microsoft in an instant too if I was new 
 looking for help and that happened to me.  Doing something like this 
 to make startup easier is only going to help this project and further 
 promote switching from Microsoft servers to Samba servers, or switching 
 to Linux in general. 

There are lots of resources for getting support - this list is user
supported for free. Expecting personal attention to one's situation is
probably not reasonable. You can always contract for support, setup
assistance, etc.

Craig



Re: [Samba] Re: LDAP account management tools?

2005-12-15 Thread Matt Lung



Craig White wrote:


On Thu, 2005-12-15 at 09:20 -0500, Matt Lung wrote:

 

Right now, it isn't.  It could be with some work though.  I believe new 
users will continue to struggle until there is some sort of wizard type 
setup that will aid in the configuration of their Samba servers.  If 
they use a wizard and get setup what they want they will be happy.  
   



I think that is the point of smbldap-tools and most specifically
smbldap-populate - sort of a turnkey approach to getting the Windows
expected/Samba  LDAP implemented base setup.
 



yes, but sort of a shocker for first time Linux or Samba users.  
Consider where they are coming from.  NEXT, NEXT, NEXT, NEXT, FINISH.
I'm not saying the command lines tools do not work at all.  I have no 
problem setting up servers with them, but why does it have to be only 
one way?   All I'm really talking about is a nice graphical interface 
that would pretty much still utilize all those same commands.  Think of 
it as step by step documentation, but at the same time you're building 
your server by clicking buttons and filling out options. 



 

Maybe some of them will leave it at that and never look any deeper, or 
maybe others will need to dig down and start learning how Samba really 
works or how LDAP really works, and start customizing.  Most that are 
just starting out they try this and they hit a road block and become 
frustrated they ask for help on this list and most get chastised for 
asking a simple question.  The inevitable answer is read the 
documentation.
   



How do you deal with people that already have their users and groups
setup? Is basic LDAP setup/configuration part of Samba responsibility?

 



In my opinion if you're setting up Samba to use LDAP it should be Samba's 
responsibility to get you to a point that their software starts working 
the way you expect.  They do that pretty much with the smbldap-populate 
script.  The people (like me and it's always a nasty problem) that 
already have their users and groups setup will have to be dealt with.  By 
no means am I saying just go do this and do it without planning or 
thinking of others' situations that can cause a problem.  Maybe some 
sort of module could be programmed to initialize your directory with an 
ldif from your old setup, and specify your site user and group 
configuration.   A migrate module.  This is all just speculation for 
something that does not exist... but I'm sure something can be done to 
accommodate most everyone. 

 A lot of times it gets pretty nasty too.  Why don't you 
make a separate list for new samba users to post simple startup 
questions to??
   



I don't see it getting nasty

 



It does at times. 

 I'd run back to Microsoft in an instant too if I was new 
looking for help and that happened to me.  Doing something like this 
to make startup easier is only going to help this project and further 
promote switching from Microsoft servers to Samba servers, or switching 
to Linux in general. 
   



There are lots of resources for getting support - this list is user
supported for free. Expecting personal attention to one's situation is
probably not reasonable. You can always contract for support, setup
assistance, etc.

Craig

 

Agreed, there are lots of resources for getting help.  Of course 
expecting personal attention to one's problems is not always going to 
happen on a free platform.  When I post to this list however I am asking 
for personal attention every time.  If someone gives that attention back 
is another thing.  But it is free support so you always must keep that 
in mind.  Contracting for support for getting say your home network 
going???  Who is going to want to do that?  Samba is not just used as an 
Enterprise server application.  I'm just suggesting making it easier to 
setup and maintain so just keep an open mind. 






Re: [Samba] Re: LDAP account management tools?

2005-12-15 Thread Andreas Haumer

Hi!

Raúl D. Pittí Palma wrote:
[...]

 Hey! Please share your LDAP database structure; I found that part the
 most time consuming when you are creating a new domain, or an LDAP server
 able to support multiple apps (samba, mail, locally developed software,
 vpn, etc.).
 Any case study or some notes you would like to share, I can help with
 the QA of the manual and the typing of the document, although English
 is not my first language :D
 

We currently have several pages of information on that
topic in our internal knowledge base. It's all in German
(looking at your signature I reckon this is not your
first language, either ;-) and they contain some internal,
confidential information, but I'll see what I can do.
Perhaps I find some time over the holidays to prepare
something to be published.

IMHO the most valuable information in these documents
is in the chapter titled Preparation, definitions and
fundamental decisions. Here I have some infos about
topics like

* ways to authenticate against the LDAP database
  how do the various subsystems authenticate?
  pros and cons

* LDAP admin DN
  how, why, where to use it?

* Directory Security Accounts (DSA)
  how, what for and why?

* LDAP tree structure
  how do we lay out the tree and why?

* What attribute do we use as RDN for user accounts and why?

* how do we crypt user passwords
  if, how and why (or why not)?

* What system components do work with LDAP and how
  do they work together?


I wrote these documents to set up the standards for us
(xS+S) but it would be interesting to discuss this with
others as I'm sure there's always room for improvement.

As far as I remember there is a Samba Wiki in preparation.
Would this be a good place to start?

What do people think about this?

- andreas

--
Andreas Haumer | mailto:[EMAIL PROTECTED]
*x Software + Systeme  | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71


Re: [Samba] Re: LDAP account management tools?

2005-12-15 Thread christian laubscher
On Thu, Dec 15, 2005 at 09:59:41PM +0100, Andreas Haumer wrote:

 What do people think about this?

doch, sicher, gerne!

(yes, please, i'm looking forward to it)



Re: [Samba] Re: LDAP account management tools?

2005-12-15 Thread Craig White
On Thu, 2005-12-15 at 10:32 -0500, Matt Lung wrote:
 
 Craig White wrote:
 
 On Thu, 2005-12-15 at 09:20 -0500, Matt Lung wrote:
 
   
 
 Right now, it isn't.  It could be with some work though.  I believe new 
 users will continue to struggle until there is some sort of wizard type 
 setup that will aid in the configuration of their Samba servers.  If 
 they use a wizard and get setup what they want they will be happy.  
 
 
 
 I think that is the point of smbldap-tools and most specifically
 smbldap-populate - sort of a turnkey approach to getting the Windows
 expected/Samba  LDAP implemented base setup.
   
 
 
 yes, but sort of a shocker for first time Linux or Samba users.  
 Consider where they are coming from.  NEXT, NEXT, NEXT, NEXT, FINISH.
 I'm not saying the command lines tools do not work at all.  I have no 
 problem setting up servers with them, but why does it have to be only 
 one way?   All I'm really talking about is a nice graphical interface 
 that would pretty much still utilize all those same commands.  Think of 
 it as step by step documentation, but at the same time you're building 
 your server by clicking buttons and filling out options. 

different topics - different replies.

Are you volunteering to sponsor programmers to do this, were you
planning on writing it yourself or simply lamenting that this hasn't
been done already for you?

Craig



Re: [Samba] Re: LDAP account management tools?

2005-12-15 Thread Craig White
On Thu, 2005-12-15 at 10:32 -0500, Matt Lung wrote:

 
 There are lots of resources for getting support - this list is user
 supported for free. Expecting personal attention to one's situation is
 probably not reasonable. You can always contract for support, setup
 assistance, etc.
 
 Craig
 
   
 
 Agreed, there are lots of resources for getting help.  Of course 
 expecting personal attention to one's problems is not always going to 
 happen on a free platform.  When I post to this list however I am asking 
 for personal attention every time.  If someone gives that attention back 
 is another thing.  But it is free support so you always must keep that 
 in mind.  Contracting for support for getting say your home network 
 going???  Who is going to want to do that?  Samba is not just used as an 
 Enterprise server application.  I'm just suggesting making it easier to 
 setup and maintain so just keep an open mind. 

of course home networking isn't going to involve LDAP (unless you are at
my house) so that isn't an issue and most of the distributions give you
a tool to configure samba for your home network now or you can always
use swat.

This list is simply users helping users and infrequently, when someone
is fortunate enough to have properly researched their problem and stated
it simply and clearly enough, they will get answers from samba
developers. 

These simple facts remain...
- open source usage requires the implementer to get involved in the
configuration details.

- there aren't always nice, neat gui tools for these configuration
issues...remember, UNIX/Linux is about text based configuration files
and the gui tools tend to make a bludgeon of things that in text
form...can be organized, logical and easy enough to change with a simple
editor.

- samba has the best documentation that I am aware of among all open source
projects, and because of the detail/scope/breadth, people don't want to
read it and want to use the mail lists instead.

- if we are talking about a business and there's no one on staff capable
of handling the issues involved, businesses pay for support.

Craig



[Samba] Re: LDAP account management tools?

2005-12-14 Thread Deryck Hodge
Gerald (Jerry) Carter wrote:
 Deryck,
 
 Should we create a list of LDAP management tools that support
 the Samba schema?  For example, LAM & phpLdapAdmin.
 
 http://lam.sf.net/
 http://phpldapadmin.sf.net/
 

Sounds like a fine idea to me.  I probably need to do a bit of website
reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier
to find.  I'll think through the best way to handle this.

Meanwhile, can others chime in with their favorite LDAP tools?

Cheers,
deryck
- --
Deryck Hodge    http://www.devurandom.org/
Samba Team  http://www.samba.org/
This is the 21st century ... Magic isn't dead. --Marillion (2001)


RE: [Samba] Re: LDAP account management tools?

2005-12-14 Thread Bruno Guerreiro

Hi, not samba-specific but a really cool LDAP tool.
http://ldapadmin.sourceforge.net/ 
(I think it has already been talked about in here)

Best Regards,
Bruno Guerreiro
-----Original Message-----
From: Deryck Hodge [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 14 December 2005 16:24
To: Gerald (Jerry) Carter
Cc: [EMAIL PROTECTED]
Subject: [Samba] Re: LDAP account management tools?

Gerald (Jerry) Carter wrote:
 Deryck,
 
 Should we create a list of LDAP management tools that support
 the Samba schema?  For example, LAM & phpLdapAdmin.
 
 http://lam.sf.net/
 http://phpldapadmin.sf.net/
 

Sounds like a fine idea to me.  I probably need to do a bit of website
reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier
to find.  I'll think through the best way to handle this.

Meanwhile, can others chime in with their favorite LDAP tools?

Cheers,
deryck
- --
Deryck Hodge    http://www.devurandom.org/
Samba Team  http://www.samba.org/
This is the 21st century ... Magic isn't dead. --Marillion (2001)


Re: [Samba] Re: LDAP account management tools?

2005-12-14 Thread Matt Lung
Are there any plans for the Samba team to implement their own set of 
web-based graphical tools to control accounts and servers?  The 
Directory server that Redhat Enterprise and Fedora are pushing is 
looking good, but how involved is the Samba team with that? 

phpLdapAdmin and LAM are excellent products, but it sure would be nice 
if the tool was coming right from the Samba team, and it pretty much did 
it all.  From walking you through setting up the server, initializing 
your LDAP directory, to administration of the directory and server.   
Maybe you have plans for this, maybe you don't.  I'm just curious. 



Deryck Hodge wrote:


Gerald (Jerry) Carter wrote:
 


Deryck,

Should we create a list of LDAP management tools that support
the Samba schema?  For example, LAM & phpLdapAdmin.

http://lam.sf.net/
http://phpldapadmin.sf.net/

   



Sounds like a fine idea to me.  I probably need to do a bit of website
reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier
to find.  I'll think through the best way to handle this.

Meanwhile, can others chime in with their favorite LDAP tools?

Cheers,
deryck
- --
Deryck Hodge    http://www.devurandom.org/
Samba Team  http://www.samba.org/
This is the 21st century ... Magic isn't dead. --Marillion (2001)


Re: [Samba] Re: LDAP account management tools?

2005-12-14 Thread Andreas Haumer
Hi!

Deryck Hodge wrote:
 Gerald (Jerry) Carter wrote:
 
Deryck,

Should we create a list of LDAP management tools that support
the Samba schema?  For example, LAM & phpLdapAdmin.

http://lam.sf.net/
http://phpldapadmin.sf.net/

 
 
 Sounds like a fine idea to me.  I probably need to do a bit of website
 reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier
 to find.  I'll think through the best way to handle this.
 

One idea: it would be nice to have a site where infos about
LDAP account database best practice could be collected.

There are so many books (Jerry: I like your LDAP System Administration
very much ;-), HOWTOs, tips, emails etc. out there but I always have the
impression that the least common denominator about several significant
decisions is very low. Not to mention that many tips and HOWTOs even
contradict each other or are outdated (It's a fast developing area!)

An (incomplete) list of those best practice topics might include:

* overall layout of LDAP tree
  Deep or shallow? What ou should be there?
* how to store passwords
  cleartext? crypt? SSHA? MD5? What are the pros and cons?
* where to store machine trust accounts?
  Should you sub-structure your accounts ou or not?
* use DSA for NSS, PAM, Samba, Radius, replication, etc.?
  pros? cons? Impact on ACL?
* Where to store the sambaDomainName entry?
  (directly at the tree root or use your own ou?)
* best way on how to configure your ACL
* Which tools should one use to change user passwords?
  smbldap tools? Web GUI? PAM with pam_ldap?

etc.

Decisions on all of these topics have impact on the way
each subsystem has to be configured and on how they all
work together.

Of course over the years I have developed a structure I
like best, but this is not to say it _is_ the best (under
any metrics you might imagine).

One should also take into account that different LDAP
administration tools might more or less enforce a specific
way of how to set up your LDAP database, which is the link
I see between the list of LDAP system admin tools and a
LDAP account database best practice info site.

 Meanwhile, can others chime in with their favorite LDAP tools?
 
I use GOSA on several installations and I like it!
http://oss.gonicus.de/gosa/index.php/Main_Page

Regards,

- - andreas

- --
Andreas Haumer | mailto:[EMAIL PROTECTED]
*x Software + Systeme  | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71
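
Added example, not part of the message above or of any Samba tooling: one way to ground the "how to store passwords" question from the topic list is to audit which `userPassword` storage schemes an LDIF export already uses, and to see how a salted `{SSHA}` value is built and verified. The sample LDIF, DNs and passwords are constructed, and the verdict labels are this example's own assumptions.

```python
import base64
import hashlib
import hmac
import os

# Verdict per userPassword scheme prefix (labels are this example's own);
# any other prefix is reported as "unknown".
VERDICT = {"CLEARTEXT": "plaintext", "MD5": "unsalted", "SHA": "unsalted",
           "SMD5": "salted", "SSHA": "salted", "CRYPT": "platform-dependent"}

def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(stored, password):
    """Verify a password against an {SSHA} value with a constant-time compare."""
    if not stored.upper().startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]          # a SHA-1 digest is 20 bytes
    return hmac.compare_digest(digest, hashlib.sha1(password + salt).digest())

def scheme_of(value):
    """Return the scheme prefix in upper case, or CLEARTEXT when there is none."""
    if value.startswith("{") and "}" in value:
        return value[1:value.index("}")].upper()
    return "CLEARTEXT"

def audit_ldif(ldif):
    """Map each DN to (scheme, verdict) for its userPassword attribute."""
    findings, dn = {}, None
    for line in ldif.replace("\n ", "").splitlines():   # undo LDIF line folding
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.lower().startswith("userpassword:"):
            rest = line[len("userpassword:"):]
            if rest.startswith(":"):           # "::" marks a base64-encoded value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            scheme = scheme_of(value)
            findings[dn] = (scheme, VERDICT.get(scheme, "unknown"))
    return findings

def constructed_ldif():
    """Constructed sample export: four made-up users, one per storage choice."""
    encoded = base64.b64encode(make_ssha(b"s3cret").encode()).decode()
    folded = "userPassword:: " + encoded
    folded = folded[:76] + "\n " + folded[76:]  # folded at 76 columns, as exports often are
    md5 = "{MD5}" + base64.b64encode(hashlib.md5(b"s3cret").digest()).decode()
    return "\n".join([
        "dn: uid=alice,ou=people,dc=example,dc=org", folded, "",
        "dn: uid=bob,ou=people,dc=example,dc=org", "userPassword: " + md5, "",
        "dn: uid=carol,ou=people,dc=example,dc=org", "userPassword: s3cret", "",
        # Constructed placeholder in the 13-character traditional crypt(3) shape.
        "dn: uid=dave,ou=people,dc=example,dc=org", "userPassword: {CRYPT}ab0123456789A", "",
    ])

if __name__ == "__main__":
    for dn, (scheme, verdict) in audit_ldif(constructed_ldif()).items():
        print(f"{dn}: {scheme} ({verdict})")
```

Unsalted `{MD5}` and `{SHA}` values are identical for identical passwords, while two `make_ssha` calls on the same password differ because of the random salt; `{CRYPT}` strength depends on the crypt(3) algorithm of the server's platform.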


Re: [Samba] Re: LDAP account management tools?

2005-12-14 Thread Craig White
On Wed, 2005-12-14 at 10:24 -0600, Deryck Hodge wrote:
 Gerald (Jerry) Carter wrote:
  Deryck,
  
  Should we create a list of LDAP management tools that support
  the Samba schema?  For example, LAM & phpLdapAdmin.
  
  http://lam.sf.net/
  http://phpldapadmin.sf.net/
  
 
 Sounds like a fine idea to me.  I probably need to do a bit of website
 reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier
 to find.  I'll think through the best way to handle this.
 
 Meanwhile, can others chime in with their favorite LDAP tools?

I use webmin http://www.webmin.com

Craig



Re: [Samba] Re: LDAP account management tools?

2005-12-14 Thread Craig White
On Wed, 2005-12-14 at 18:29 +0100, Andreas Haumer wrote:
 Hi!
 
 Deryck Hodge wrote:
  Gerald (Jerry) Carter wrote:
  
 Deryck,
 
 Should we create a list of LDAP management tools that support
 the Samba schema?  For example, LAM & phpLdapAdmin.
 
 http://lam.sf.net/
 http://phpldapadmin.sf.net/
 
  
  
  Sounds like a fine idea to me.  I probably need to do a bit of website
  reorganization so that tools, i.e. GUIs, LDAP management, etc., are easier
  to find.  I'll think through the best way to handle this.
  
 
 One idea: it would be nice to have a site where infos about
 LDAP account database best practice could be collected.
 
 There are so many books (Jerry: I like your LDAP System Administration
 very much ;-), HOWTOs, tips, emails etc. out there but I always have the
 impression that the least common denominator about several significant
 decisions is very low. Not to mention that many tips and HOWTOs even
 contradict each other or are outdated (It's a fast developing area!)
 
 An (incomplete) list of those best practice topics might include:
 
 * overall layout of LDAP tree
   Deep or shallow? What ou should be there?

not really a samba issue

 * how to store passwords
   cleartext? crypt? SSHA? MD5? What are the pros and cons?

not really a samba issue

 * where to store machine trust accounts?
   Should you sub-structure your accounts ou or not?
 * use DSA for NSS, PAM, Samba, Radius, replication, etc.?
   pros? cons? Impact on ACL?
 * Where to store the sambaDomainName entry?
   (directly at the tree root or use your own ou?)
 * best way on how to configure your ACL
 * Which tools should one use to change user passwords?
   smbldap tools? Web GUI? PAM with pam_ldap?

Methinks that the future samba wiki might be a good place for this

 
 etc.
 
 Decisions on all of these topics have impact on the way
 each subsystem has to be configured and on how they all
 work together.
 
 Of course over the years I have developed a structure I
 like best, but this is not to say it _is_ the best (under
 any metrics you might imagine).
 
 One should also take into account that different LDAP
 administration tools might more or less enforce a specific
 way of how to set up your LDAP database, which is the link
 I see between the list of LDAP system admin tools and a
 LDAP account database best practice info site.
 
  Meanwhile, can others chime in with their favorite LDAP tools?
  
 I use GOSA on several installations and I like it!
 http://oss.gonicus.de/gosa/index.php/Main_Page
 

Thanks

Craig



Re: [Samba] Re: LDAP account management tools?

2005-12-14 Thread Deryck Hodge
Craig White wrote:
 
* where to store machine trust accounts?
  Should you sub-structure your accounts ou or not?
* use DSA for NSS, PAM, Samba, Radius, replication, etc.?
  pros? cons? Impact on ACL?
* Where to store the sambaDomainName entry?
  (directly at the tree root or use your own ou?)
* best way on how to configure your ACL
* Which tools should one use to change user passwords?
  smbldap tools? Web GUI? PAM with pam_ldap?
 
 
 Methinks that the future samba wiki might be a good place for this
 

Agreed.

Craig is aware of this, but for others who are interested... Jerry and I
are working on infrastructure for the wiki, which we hope to have completed
in the next couple weeks.  This took longer than originally expected due to
a server upgrade.

More wiki info will follow when available.  Cheers,

deryck
- --
Deryck Hodge    http://www.devurandom.org/
Samba Team  http://www.samba.org/
This is the 21st century ... Magic isn't dead. --Marillion (2001)


Re: [Samba] Re: LDAP account management tools?

2005-12-14 Thread Andreas Haumer
Hi!

Craig White wrote:
 On Wed, 2005-12-14 at 18:29 +0100, Andreas Haumer wrote:
 
[...]

An (incomplete) list of those best practice topics might include:

* overall layout of LDAP tree
  Deep or shallow? What ou should be there?
 
 
 not really a samba issue
 
 
* how to store passwords
  cleartext? crypt? SSHA? MD5? What are the pros and cons?
 
 
 not really a samba issue
 
 

Agreed, but still these decisions have to be made if a
LDAP database is to be set up and used as system
account database, with or without Samba.

And for me (and I'm sure for many others, too) Samba
(read: the release of Samba3 with much improved LDAP
support) was the main reason to deep into the universe
of LDAP directories and account databases.

* where to store machine trust accounts?
  Should you sub-structure your accounts ou or not?
* use DSA for NSS, PAM, Samba, Radius, replication, etc.?
  pros? cons? Impact on ACL?
* Where to store the sambaDomainName entry?
  (directly at the tree root or use your own ou?)
* best way on how to configure your ACL
* Which tools should one use to change user passwords?
  smbldap tools? Web GUI? PAM with pam_ldap?
 
 
 Methinks that the future samba wiki might be a good place for this
 
 
I agree.

This even might be sort of a standardisation driving force
for LDAP system account database structure. Currently there
doesn't seem to exist such standard (apart from very basic
things)

- - andreas

- --
Andreas Haumer | mailto:[EMAIL PROTECTED]
*x Software + Systeme  | http://www.xss.co.at/
Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0
A-1100 Vienna, Austria | Fax: +43-1-6060114-71


Re: [Samba] Re: LDAP account management tools?

2005-12-14 Thread Craig White
On Wed, 2005-12-14 at 21:52 +0100, Andreas Haumer wrote:
 Hi!
 
 Craig White wrote:
  On Wed, 2005-12-14 at 18:29 +0100, Andreas Haumer wrote:
  
 [...]
 
 An (incomplete) list of those best practice topics might include:
 
 * overall layout of LDAP tree
   Deep or shallow? What ou should be there?
  
  
  not really a samba issue
  
  
 * how to store passwords
   cleartext? crypt? SSHA? MD5? What are the pros and cons?
  
  
  not really a samba issue
  
  
 
 Agreed, but still these decisions have to be made if a
 LDAP database is to be set up and used as system
 account database, with or without Samba.
 
 And for me (and I'm sure for many others, too) Samba
 (read: the release of Samba3 with much improved LDAP
 support) was the main reason to deep into the universe
 of LDAP directories and account databases.

don't stop there - LDAP offers much more than just account management
for posixAccounts and sambaSamAccounts.

 
 * where to store machine trust accounts?
   Should you sub-structure your accounts ou or not?
 * use DSA for NSS, PAM, Samba, Radius, replication, etc.?
   pros? cons? Impact on ACL?
 * Where to store the sambaDomainName entry?
   (directly at the tree root or use your own ou?)
 * best way on how to configure your ACL
 * Which tools should one use to change user passwords?
   smbldap tools? Web GUI? PAM with pam_ldap?
  
  
  Methinks that the future samba wiki might be a good place for this
  
  
 I agree.
 
 This even might be sort of a standardisation driving force
 for LDAP system account database structure. Currently there
 doesn't seem to exist such standard (apart from very basic
 things)

The problem with this is right from the base, everybody's structure is
going to be different. What works for a small company isn't going to
work for a medium size company which isn't even going to slightly
resemble what the DIT would look like for a big company.

LDAP is by nature not designed to have a specific shape or style
(standardization as you put it) and if you are constrained into thinking
that the structure is to be dictated by Samba (as proxy for Microsoft),
then you probably ought to just use Microsoft AD as they have already
configured the parts they are interested in. For the record, Microsoft
didn't create LDAP. I am continually finding more uses for LDAP and
those have nothing to do with Samba at all. 

Craig
