[Samba] Books of Samba 4

Tony Hain tony at tndh.net
Sat Mar 1 16:05:09 MST 2014

Marc Muehlfeld wrote:
> Sent: Saturday, March 01, 2014 7:53 AM
> ...
> You'll find many more interesting HowTos in the Wiki. And if you're
> missing something, let us know here on the list. I'm always looking for
> new and interesting topics for writing new HowTos and documentation. :-)


I am glad to hear you want suggestions ... ;)

The inconsistencies between 3 & 4 wrt AD need some documentation, the wiki
is virtually useless, and the How-To guide is just about all 3 with
NT4-style domains, or how to join AD as a DC.

Documentation of samba-tool is virtually non-existent, and what is there
assumes you know all the syntax of the underlying tool, and which new
command replaces what old command. The difference in provisioning is
frustrating at best. Particularly when samba-tool doesn't provide adequate
configuration for a functional system. From my post about the printer errors
(that persist despite the offered config which I already had, and how to
turn off printing is another thing missing from the documentation):
	The wiki and HOW TO are useless as they are just as focused on 
	making the server into a printing hub as it is on making the 
	machine be a DC despite a 'server role = member server' statement.  
	 FWIW:   samba-tool domain provision --server-role= member \
		 --domain=EXAMPLE --realm=EXAMPLE.LOCAL 
	results in a DC that refuses to be demoted, and won't join an
	AD without adding to [global]:
	# !!!!!!!!!!!!! mandatory & missing from member provision step
	security = ADS
	It is all well and good to explain how to enable the services and
	try to be the one-box-to-rule-them-all, but there should be working
	examples about how to disable services when that service is not a
	role for this

In general there is a lack of documentation about how to turn off services
that are not wanted on this instance, or if it does exist, it is not easily
found. It took hours of google searches to find email threads that talked
about printer errors, and following those instructions didn't work, so it
was not clear if the ancient mail-thread instructions were current, or if
something is broken in the current release.

The documentation about %U vs %u left me initially confused. Just finding
the documentation about the variable definitions requires a google search
because the wiki search returns nothing when you look for definition of
variables, or variable substitutions. Put in %U or \%U and you get back a
pile of references to -U... I misremembered the reference I had read in the
initial read through, but did pull out 'requested vs. current', figured I
wanted the received current ID rather than the requested one because that
would map to the unix acls on this server, and didn't make the association
that requested equated to the AD SID that all remote requests would be
using. This led to a couple of days trying to find the page again that made
it clear I picked the wrong one.

Just as an exercise, try to walk through setting up a fresh 4.1 as a
file-share-only member server in an existing AD, using the current
documentation, and see how far you get. You can't use memory, just what you
can find to read through the wiki links page, or its less-than-helpful


