Proposed solve following problem before release alpha.

[KS Tan]

On Fri, 2007-08-24 at 16:06 +1000, Andrew Bartlett wrote:
> On Fri, 2007-08-24 at 12:33 +0800, KS Tan wrote:
> > Hi all,
> > I'm another user who already test samba 4 quite much, proposed hold the
> > alpha untill:
> > 
> > 1.  samba 4 support support wins
> 
> It already does this.  Have you had a problem with the WINS support?

Oh? Inside SWAT is saw the WINS is disable so I thought it not yet ready. I'll continue test it

> > 2.  have option in smb.conf to dynamic update dns server.
> 
> Some of this is around, if we can integrate it nicely, then perhaps it
> will make an alpha.  But I suspect it's more alpha2 material.
In my opinion from the mailling list I read before, just 10-20 line of
codes need to append should be enough, simply update dns server when
computer connect the domain controller. It is reasonable we create the
tsig key ourself and define the path inside the smb.conf

> > 3. support print sharing
> 
> This would hold the release for another year, so I can't support this as
> a requirement.  (Printing is one of most insanely complex areas of
> Samba).  
It's too bad, we can't simply use code from samba 3? I'm so sorry because I thought its quite easy(Anyway, this is not really important because the domain controller should put at some place like server room).

> > 4. group policy apply to computer (currently apply to user only)
> 
> I'll need a fair bit more help to figure out why this is.  Is it just
> that computers need the matching machine$ account in the system's
> account DB?
I'm not really know why the computer didn't apply the group policy insde
an ou, however the group policy work pretty well for users. I'd test
apply the group policy last night seems not yet resolve.

> 
> > 5. During create user/groups from active directory user and computer,
> > the unixName for the object we created will fill in on the fly(assume
> > samba useraccount=unixname). 
> 
> The logic of the code that reads this attribute already assumes that
> mapping, if unixName is already set.  Have you had any problems with
> this?
>From what I'd test last night, when I create new user from active
directory user and computer(dsa.msc), the inside the swat I can't see
the exist of 'unixName' fields. So far what I'd done is create user from
Linux, create new user from swat, then edit the user from dsa.msc. Its
took 3 step for me to create a new user or groups. Or another way round,
create an unix user/group, create user from dsa.msc, then add unixName
field in swat. It is better if we can have an script, map at smb.conf to
allow us create unix/linux users and groups, create samba 4 users and
group, map samba4 username and groups with unix names.


> > I strongly suggest using this method
> > because I found that swat is not yet ready and 'active directory user
> > and computer(dsa.msc)' is user friendly enough. Otherwise we need to use
> > windows support tools or swat to manage it, its too troublesome(SWAT
> > still contain many bugs).
> 
> Have you reported these?  I know about the issue viewing users, but what
> are the others?
Unfortunately not yet, sorry because few times I intend to do but there
is some thing disturb me. And yes I mention about the viewing user.
For me, the swat still lack of quite many functionality, and we can't
manage the directory via swat.

> 
> > * for myself, alpha stage should have more complete basic functionality,
> 
> Can you spell this out a bit more?  Just the things noted above, or do
> you see other gaping holes (on the Domain Control side in particular)?
Yes, in my opinion when samba 4 need to solve above issue because I
guess this is the purpose of developing samba 4. For an small-medium
enterprise(50-200 computers), it is good for enough. The delegation,
active directory replication, shadow copy, and domain/forest trust is
not really important yet if samba 4 want to reach alfa stage.
> 
> > just waiting to debug and improve. Hopefully after few month we can hope
> > easier to manage samba 4 directory services.
> > *anyway, I believe its near and everything I'm mentioned almost ready
> > and not hard to configure.
> The challenge I have is:  Where do we go from here?  
I can only say, support what I'd mention above, since I want the
features. And if I have the features I'll feel very happy and I'll kick
Microsoft Active Directory away from my company network.

> 
> I don't mean to brush off your comments - I seriously value your
> feedback, as otherwise this is a one-man echo chamber.  So the question
> is:  
> 
> If I were to make a release in the next 2 weeks (as is the plan), how
> would you suggest we name it?   
I suggest, follow the svn, TP6. 

Summary:
=============
So far what I'd found inside the samba 4 during create the live cd (I
still maintaining now), it is really near. Your team donne great because
I can join active directory on the fly, create ou on the fly, gpo on the
fly, drag and drop user, apply gpo to an ou, gpo will inherit, I can
even block the group policy inheritance. So, the thing I feel less is
just creating user/group very trouble some. Then DNS integration is not
yet implemented, finally the printing is not support (I don't think
much people happy if we need to have 2 pcs of computer, 1 for samba 4
active directory server and another 1 for samba3 print server)

Finally, as a serious Windows administrator and a serious open source
software supporter, I'm concern and like this project very-very much.
Please don't feel bad if what I'd write hurt anybody. I simply want to
make it better, for those administrator same situation like me (I'd
fedup with managing microsoft licenses, it is never ending story and I
need to redo it always).

Regards,
Ks

> 
> Andrew Bartlett
>