[Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs

L.P.H. van Belle belle at bazuin.nl
Tue Mar 26 14:18:11 UTC 2019


It's much more ..

Before you think of installing samba, you should know some basics. 
	- ip/hostname 
	- domainname
	- realm 
	- resolving
And its files used for that. 

Then first thing would be. 
- Use real setup cases.
	- install from source setups.
	- install from packages setups. 

- Split up the setup based on these setup styles. 
	- samba-ad-dc
	- samba-ad-member
	- samba-auth-only ( only winbind installed ) 

	- samba-NT4DOM-server ( try to avoid this ) 
	- samba-NT4DOM-member ( try to avoid this ) 

	- samba-standalone 
	- samba-standalone with authentication. 

So here we have 7 setups and all are different, which makes a samba setup much harder to set up. 

But the above is not useful if the basics are wrong. 

If the base is wrong, you will inherit it to samba and it makes debugging much harder. 
Which is why I use scripts to collect the debug info and that works because the debug info always looks the same. 

Samba is not like samba 5-10 years ago, it involves much more these days and you can play that much with the configs anymore.
Which is in my opinion ok, so it's better to find bugs and errors in the setup. 

My thoughts about this, and I'm working on it but for a scripted setup on Debian. 
Once that's done, someone else can adapt it to another OS. 

Greetz, 

Louis
 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Stephen via samba
> Sent: Tuesday 26 March 2019 15:11
> To: samba at lists.samba.org
> Subject: Re: [Samba] Problem achieving manual 
> synchronisation of idmap.ldb and the associated User and 
> Group ID mappings between two Samba 4 AD DCs
> 
> On 26/03/2019 13:39, Rowland Penny via samba wrote
> >> Go on, I give in, what is wrong with the official Samba 
> documentation?
> >>
> >> Off the top of my head:
> >> 1) Your (ie Samba project) docs are structured a little poorly and
> >> actually pretty hard to follow - eg a single article describes
> >> setting up Samba both with SAMBA_INTERNAL and BIND which is
> >> confusing. Two separate articles, one on each topic would 
> be better!
> > The problem is that the Samba wiki is written from the 
> perspective of
> > using a self-compiled version of Samba, not from the perspective of
> > this is how you use Samba on distro X.
> This is a big problem with your docs though. I am really not 
> sure that 
> is the right assumption to make from the viewpoint of 
> actually driving 
> Samba adoption in 2019. Yes, docs describing building from 
> source are in 
> theory universal, and there is the ever present problem of Linux 
> fragmentation. However in reality I reckon probably 1% of your users 
> build Samba for themselves from source. Most busy SysAdmins will be 
> using either Debian/Ubuntu packages or CentOS/RedHat packages I would 
> imagine, so you would only need two sets of docs to cover the vast 
> majority of users.
> > Could you supply a link to the Samba dns page you refer to ?
> 
> The page in question isn't actually about DNS but it is the 
> main Samba 
> AD installation tutorial here:
> 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> 
> This is the main page for Samba AD installation and wants to be split 
> into at least 2 further pages IMHO to avoid confusion
> 
> 1) Samba AD installation with SAMBA_INTERNAL backend
> 
> 2) Samba AD installation using BIND backend
> 
> 3) Possibly split again to describe interactive and non interactive 
> installation with Bind and Samba_internal
> 
> >> 3) They lack the clear straightforward step by step approach of
> >> TechMint with screenshots and similar?
> >>
> >> Not really a fan of screenshots, unless there is no other way of
> >> displaying information.
> 
> You do need some way of letting the user confirm *for 
> themselves* that 
> what they see on their own terminal is what they should 
> expect to see. 
> This lets them verify that they have set things up correctly. This is 
> very important!
> Note that this doesn't have to be an actual picture 
> screenshot, it could 
> be some example terminal output. Something so they can verify 
> that they 
> are on the right track.
> 
> >> 4) In practice this means that non-experts cannot / won't be able to
> >> use Samba, even for basic tasks as I am trying to do here. People
> >> less determined than me will give up,
> >> and I am basically dependent upon this (awesome, thanks everyone)
> >> mailing list and its support.
> > Again, the wiki was written from the point of view of 
> experts and not
> > necessarily understandable by 'non-experts'. This needs to be fixed,
> > but to do this, we need to know what is actually wrong.
> Even assuming your guide is for experts, one of the biggest problems 
> is there is no common thread or narrative linking 
> together separate disparate wiki articles on multiple 
> individual topics. 
> You could do worse than create a section on the Samba website 
> - "Getting 
> Started with Samba AD" that covers the top 5 basic use cases 
> for Samba. 
> Suggested structure:
> 
> Section 1) Setting up a primary DC
> 
> Section 2) Setting up a failover secondary DC
> 
> Section 3) Syncing primary and secondary DCs together
> 
> Section 4) Joining another machine to the Domain and setting 
> it up as a 
> fileserver
> 
> Section 5) Printer sharing
> 
> Section 6) Configuring windows clients to join a samba domain
> 
> Section 7) Advanced Samba Usage
> 
> >> 5) You need to get one person to write the docs. Another person
> >> should then separately *verify* the instructions that are given to
> >> avoid simple mistakes.
> >>
> >> This not entirely true, one person could do this, make 
> notes as they do
> >> something and then do it again, just following their notes.
> 
> The problem with the same person checking, is that a second 
> person will 
> take different approaches to the first and will encounter 
> problems that 
> the first person doesn't encounter due to different set of mental 
> implicit assumptions etc. It makes your documentation more 
> robust if a 
> second person is involved in the validation.
> 
> 
> Cheers
> Stephen
> 
> 