[Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs

Stephen stephen at ogdenradar.com
Tue Mar 26 14:25:28 UTC 2019

Louis, that would be perfect. As you say, the process is really getting 
far too involved for manual installation. Even SysAdmins need a helping 
hand and some sane defaults sometimes.



On 26/03/2019 14:18, L.P.H. van Belle via samba wrote:
> It's much more ..
> Before you think of installing samba, you should know some basics.
> 	- ip/hostname
> 	- domainname
> 	- realm
> 	- resolving
> And its files used for that.
> Then first thing would be.
> - Use real setup cases.
> 	- install from source setups.
> 	- install from packages setups.
> - Split up the setup based on these setup styles.
> 	- samba-ad-dc
> 	- samba-ad-member
> 	- samba-auth-only ( only winbind installed )
> 	- samba-NT4DOM-server ( try to avoid this )
> 	- samba-NT4DOM-member ( try to avoid this )
> 	- samba-standalone
> 	- samba-standalone with authentication.
> So here we have 7 setups and all are different, which makes a samba setup much harder to set up.
> But the above is not useful if the basics are wrong.
> If the base is wrong, you will inherit it to samba and it makes debugging much harder.
> Which is why I use scripts to collect the debug info and that works because the debug info always looks the same.
> Samba is not like samba 5-10 years ago, it involves much more these days and you can play that much with the configs anymore.
> Which is in my opinion OK, so it's better to find bugs and errors in the setup.
> My thoughts about this, and I'm working on it but for a scripted setup on Debian.
> Once that's done, someone else can adapt it to another OS.
> Greetz,
> Louis
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Stephen via samba
>> Sent: Tuesday 26 March 2019 15:11
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Problem achieving manual synchronisation of idmap.ldb and the associated User and Group ID mappings between two Samba 4 AD DCs
>> On 26/03/2019 13:39, Rowland Penny via samba wrote:
>>>> Go on, I give in, what is wrong with the official Samba documentation?
>>>> Off the top of my head:
>>>> 1) Your (ie Samba project) docs are structured a little poorly and
>>>> actually pretty hard to follow - eg a single article describes
>>>> setting up Samba both with SAMBA_INTERNAL and BIND which is
>>>> confusing. Two separate articles, one on each topic would be better!
>>> The problem is that the Samba wiki is written from the perspective of
>>> using a self-compiled version of Samba, not from the perspective of
>>> this is how you use Samba on distro X.
>> This is a big problem with your docs though. I am really not sure that
>> is the right assumption to make from the viewpoint of actually driving
>> Samba adoption in 2019. Yes, docs describing building from source are in
>> theory universal, and there is the ever present problem of Linux
>> fragmentation. However in reality I reckon probably 1% of your users
>> build Samba for themselves from source. Most busy SysAdmins will be
>> using either Debian/Ubuntu packages or CentOS/RedHat packages I would
>> imagine, so you would only need two sets of docs to cover the vast
>> majority of users.
>>> Could you supply a link to the Samba dns page you refer to ?
>> The page in question isn't actually about DNS but it is the main Samba
>> AD installation tutorial here:
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>> This is the main page for Samba AD installation and wants to be split
>> into at least 2 further pages IMHO to avoid confusion
>> 1) Samba AD installation with SAMBA_INTERNAL backend
>> 2) Samba AD installation using BIND backend
>> 3) Possibly split again to describe interactive and non interactive
>> installation with Bind and Samba_internal
>>>> 3) They lack the clear straightforward step by step approach of
>>>> TechMint with screenshots and similar?
>>>> Not really a fan of screenshots, unless there is no other way of
>>>> displaying information.
>> You do need some way of letting the user confirm *for themselves* that
>> what they see on their own terminal is what they should expect to see.
>> This lets them verify that they have set things up correctly. This is
>> very important!
>> Note that this doesn't have to be an actual picture screenshot, it could
>> be some example terminal output. Something so they can verify that they
>> are on the right track.
>>>> 4) In practice this means that non-experts cannot / won't be able to
>>>> use Samba, even for basic tasks as I am trying to do here. People
>>>> less determined than me will give up,
>>>> and I am basically dependent upon this (awesome, thanks everyone)
>>>> mailing list and its support.
>>> Again, the wiki was written from the point of view of experts and not
>>> necessarily understandable by 'non-experts'. This needs to be fixed,
>>> but to do this, we need to know what is actually wrong.
>> Even assuming your guide is for experts, one of the biggest problems
>> is there is no common thread or narrative linking
>> together separate disparate wiki articles on multiple individual topics.
>> You could do worse than create a section on the Samba website - "Getting
>> Started with Samba AD" that covers the top 5 basic use cases for Samba.
>> Suggested structure:
>> Section 1) Setting up a primary DC
>> Section 2) Setting up a failover secondary DC
>> Section 3) Syncing primary and secondary DCs together
>> Section 4) Joining another machine to the Domain and setting it up as a fileserver
>> Section 5) Printer sharing
>> Section 6) Configuring Windows clients to join a Samba domain
>> Section 7) Advanced Samba Usage
>>>> 5) You need to get one person to write the docs. Another person
>>>> should then separately *verify* the instructions that are given to
>>>> avoid simple mistakes.
>>>> This is not entirely true, one person could do this, make notes as they do
>>>> something and then do it again, just following their notes.
>> The problem with the same person checking, is that a second person will
>> take different approaches to the first and will encounter problems that
>> the first person doesn't encounter due to a different set of mental
>> implicit assumptions etc. It makes your documentation more robust if a
>> second person is involved in the validation.
>> Cheers
>> Stephen