I am slowly teaching myself sufficient to get a Samba AD DC running on a very small network as a training exercise, replacing an ancient Samba PDC with at least 10 years worth of mistakes in it! I am not a computer specialist, but an electrical engineer who has some involvement in the IT system of a charity using AD (my reason for wanting to learn), and therefore this exercise has been pushing the boundaries of my knowledge. My assessment is that Samba has come a long way, but documentation to help someone like me is limited. I support code being more important than documentation, but good documentation should reduce the number of queries on this mailing list. I would therefore like to make some suggestions for improving the documentation on wiki.samba.org. Firstly, a better introduction to Samba - it is now a highly complex bit of software, with multiple ways in which it can be set up. Would some kind of flow chart be possible, covering the options from "sharing data between my Linux desktop and my wife's windows machine" up to "replacing a forest of 10 domains", and outlining for each of them what features of Samba are used, and how they are controlled (smb.conf, samba-tool, Microsoft AD interface)? Associated with this is the need to know what other software is needed, and what is not needed (one of my problems was due to trying to add a separate Kerberos server - thanks to Rowland Penny and Denis Cardon for putting me right on that one). So Kerberos is out, Cups is often useful, and I don't know about pam - and there is probably others! Some of the pages on the wiki appear to be out of date, which can be confusing. An example random page is https://wiki.samba.org/index.php/7.1_Configuration which talks about LDAP - which I think is now not needed for a simple DC. Weeding those out would be difficult, but it might be more practical to take a concept from the Microsoft technical pages where near the top of many pages it has a section "Applies to", and have a similar area on the Wiki pages. This could at least be done on the current major pages. The basic instructions on the Wiki are good as long as everything goes correctly. What would be useful is extra pages on "Tests and problem solving" - giving tests that can be done to identify what is, or is not, working at each stage, and any starting points on how to fix things. I found that, when I joined my first machine to the new AD domain, it took 3 minutes to log in - only after a lot of chasing around did I discover the DNS address needed updating on that machine, and that reduced it to a sensible log in time. Searching for "slow login" on the Samba wiki finds nothing, so I then was searching the whole web for any ideas. Finally, thank you to the Samba team for all the work you have done. Regards David Lee
On 2014-03-10 6:49 PM, David Lee wrote:> I am slowly teaching myself sufficient to get a Samba AD DC running on a > very small network as a training exercise, replacing an ancient Samba > PDC with at least 10 years worth of mistakes in it! I am not a computer > specialist, but an electrical engineer who has some involvement in the > IT system of a charity using AD (my reason for wanting to learn), and > therefore this exercise has been pushing the boundaries of my knowledge. > My assessment is that Samba has come a long way, but documentation to > help someone like me is limited. I support code being more important > than documentation, but good documentation should reduce the number of > queries on this mailing list. I would therefore like to make some > suggestions for improving the documentation on wiki.samba.org. > Firstly, a better introduction to Samba - it is now a highly complex bit > of software, with multiple ways in which it can be set up. Would some > kind of flow chart be possible, covering the options from "sharing data > between my Linux desktop and my wife's windows machine" up to "replacing > a forest of 10 domains", and outlining for each of them what features of > Samba are used, and how they are controlled (smb.conf, samba-tool, > Microsoft AD interface)? Associated with this is the need to know what > other software is needed, and what is not needed (one of my problems was > due to trying to add a separate Kerberos server - thanks to Rowland > Penny and Denis Cardon for putting me right on that one). So Kerberos is > out, Cups is often useful, and I don't know about pam - and there is > probably others! > Some of the pages on the wiki appear to be out of date, which can be > confusing. An example random page is > https://wiki.samba.org/index.php/7.1_Configuration which talks about > LDAP - which I think is now not needed for a simple DC. Weeding those > out would be difficult, but it might be more practical to take a concept > from the Microsoft technical pages where near the top of many pages it > has a section "Applies to", and have a similar area on the Wiki pages. > This could at least be done on the current major pages. > The basic instructions on the Wiki are good as long as everything goes > correctly. What would be useful is extra pages on "Tests and problem > solving" - giving tests that can be done to identify what is, or is not, > working at each stage, and any starting points on how to fix things. I > found that, when I joined my first machine to the new AD domain, it took > 3 minutes to log in - only after a lot of chasing around did I discover > the DNS address needed updating on that machine, and that reduced it to > a sensible log in time. Searching for "slow login" on the Samba wiki > finds nothing, so I then was searching the whole web for any ideas. > Finally, thank you to the Samba team for all the work you have done. > > Regards > David LeeI am with David Lee :) Best regards, -- L?a Massiot
On Mon, 2014-03-10 at 17:49 +0000, David Lee wrote:> Some of the pages on the wiki appear to be out of date, which can be > confusing. An example random page is > https://wiki.samba.org/index.php/7.1_Configuration which talks about > LDAP - which I think is now not needed for a simple DC.At the footer of each page is a note, such as this one: This page was last modified on 25 January 2007, at 13:55. It was probably quite correct in 2007, and may well still be correct for a 'classic' domain controller, which we still support. For running an AD DC, please see https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO I understand your point about all our documentation showing its age. This is a challenge we have tried to turn over to our user community, but that still leaves old pages around that don't acknowledge the new context of the Samba 4.x release series. Anyone here is most welcome to ask for a wiki account, and help us tidy things up, starting with https://wiki.samba.org/index.php/Special:AncientPages Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba