[Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs
Stephen
stephen at ogdenradar.com
Tue Mar 26 14:10:52 UTC 2019
On 26/03/2019 13:39, Rowland Penny via samba wrote
>> Go on, I give in, what is wrong with the official Samba documentation?
>>
>> Off the top of my head:
>> 1) Your (ie Samba project) docs are structured a little poorly and
>> actually pretty hard to follow - eg a single article describes
>> setting up Samba both with SAMBA_INTERNAL and BIND which is
>> confusing. Two separate articles, one on each topic would be better!
> The problem is that the Samba wiki is written from the perspective of
> using a self-compiled version of Samba, not from the perspective of
> this is how you use Samba on distro X.
This is a big problem with your docs though. I am really not sure that
is the right assumption to make from the viewpoint of actually driving
Samba adoption in 2019. Yes, docs describing building from source are in
theory universal, and there is the ever present problem of Linux
fragmentation. However in reality I reckon probably 1% of your users
build Samba for themselves from source. Most busy SysAdmins will be
using either Debian/Ubuntu packages or CentOS/RedHat packages I would
imagine, so you would only need two sets of docs to cover the vast
majority of users.
> Could you supply a link to the Samba dns page you refer to ?
The page in question isn't actually about DNS but it is the main Samba
AD installation tutorial here:
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
This is the main page for Samba AD installation and wants to be split
into at least 2 further pages IMHO to avoid confusion
1) Samba AD installation with SAMBA_INTERNAL backend
2) Samba AD installation using BIND backend
3) Possibly split again to describe interactive and non interactive
installation with Bind and Samba_internal
>> 3) They lacks the clear straightforward step by step approach of
>> TechMint with screenshots and similar?
>>
>> Not really a fan of screenshots, unless there is no other way of
>> displaying information.
You do need some way of letting the user confirm *for themselves* that
what they see on their own termnial is what they should expect to see.
This lets them verify that they have set things up correctly. This is
very important!
Note that this doesn't have to be an actual picture screenshot, it could
be some example terminal output. Something so they can verify that they
are on the right track.
>> 4) In practice this means that non-experts cannot / wont be able to
>> use Samba, even for basic tasks as I am trying to do here. People
>> less determined than me will give up,
>> and I am basically dependent upon this (awesome, thanks everyone)
>> mailing list and its support.
> Again, the wiki was written from the point of view of experts and not
> necessarily understandable by 'non-experts'. This needs to be fixed,
> but to do this, we need to know what is actually wrong.
Even assuming your guide is for experts, one of the biggest problems
biggest problem is there is no common thread or narative linking
together separate disparate wiki articles on multiple individual topics.
You could do worse than create a section on the Samba website - "Getting
Started with Samba AD" that covers the top 5 basic use cases for Samba.
Suggested structure:
Section 1) Setting up a primary DC
Section 2) Setting up a failover secondary DC
Section 3) Syncing primary and secondary DCs together
Section 4) Joining another machine to the Domain and setting it up as a
fileserver
Section 5) Printer sharing
Section 6) Configuring windows clients to join a samba domain
Section 7) Advanced Samba Usage
>> 5) You need to get one person to write the docs. Another person
>> should then separately *verify* the instructions that are given to
>> avoid simple mistakes.
>>
>> This not entirely true, one person could do this, make notes as they do
>> something and then do it again, just following their notes.
The problem with the same person checking, is that a second person will
take different approaches to the first and will encounter problems that
the first person doesn't encounter due to different set of mental
implicit assumptions etc. It makes your documentation more robust if a
second person is involved in the validation.
Cheers
Stephen
More information about the samba
mailing list