Back in line, maggot!
Just spent about 8 of the last 13 hours converting an NT4 domain to a Samba3 domain using LDAP as a SAM backend (to store machine and user accounts). It would’ve been much simpler if not for a bug in smbldap-tools (which didn’t add the “sambaSamAccount” objectClass to the machine accounts, in turn breaking the net rpc vampire process). Part of the issue is that there’s so little in the way of google-able documentation, if something breaks and you aren’t already very familiar with the way NT4 domains handle machine accounts and/or how Samba does the PDC dance, it gets ugly fast.
Some other quirks (like machines consistently not joining the domain the first time, but properly joining the second time [??]) kinda suck, but hopefully they’ll get ironed out in time for Samba-4, when they get to throw everything out and enter the 9th circle of ActiveDirectory Hell. Microsoft’s “Roaming Profiles” 5uXX0r as well, taking about 40-seconds the first time you login to a machine, and another minute the first time you log out. I wonder what it could possibly be doing for that 40 – 60 seconds, personally — since the files themselves are only 16M, it’s looking like either Samba is really slow (unlikely), or there’s some kind of ugly timeout going on. Junk to investigate tonight, I guess.
I also got a Trek 7100 “hybrid” (granny/commuter) bike yesterday. It’s light enough for my lazy self to drag up the stairs to my apartment, though I haven’t ridden since I was a kid. I’ve already wiped out once (thanks to a freshly trimmed rut alongside a sidewalk), and my legs were getting a little heated by the end of the trip home after work (which is evidence more of my total out-of-shapeness than the bike).
Anyhow, having been awake for so long and then wasting so many hours wrestling with my three favorite technologies (NT domains, LDAP, and Samba), I will now sleep until tonight… Or until I get called in to the office because my boss used a non-standard password for the big-boss’ computer’s local-admin account, preventing me from getting it back on the domain. Whichever comes first…
[…] As I noted earlier, there are problems with Windows’ roaming profiles in Samba. To be more accurate, there are problems with Windows’ roaming profiles in general, but most people don’t bother enabling them until they migrate to samba. It appears as though they were designed to be operated with an intermittant high-speed link, where it synchronizes your data (registry, settings, Desktop folder, Start Menu, IE cookies/history/etc., along with all your actual data, including “My Documents,” and it’s children, “My Pictures” and “My Music”) when you login, and again when you log out. In practice, this synchronization means logging in takes about a minute, and logging out (depending on how much stuff you’ve done) takes another minute or two — and it’s totally unacceptable to have your lab machines just sit on their hands for a minute while they unnecessarily copy (literally) hundreds of MB of crap they could just as easily access directly from the samba share. For the Unix-heads around, imagine if networked home directories worked by rsync’ing your home directory to the client machine and then back again when you logged out — dragging your gig-or-so worth of settings, caches, and data both ways. Multiply that by a few dozen users and you fill up your client machines’ disks with a quickness. […]
If you link to this post from your blog, a link back to your post will go here.