Author Topic: Surprise Settlement Splits Microsoft  (Read 1357 times)

badkarma

  • VIP
  • Member
  • ***
  • Posts: 497
  • Kudos: 0
« Reply #15 on: 14 February 2002, 02:22 »
Wow, lots of smileys in that last post ....

Let's just say I'm making up for the lack of them in your posts  :D
If you can't learn to do something well, learn to enjoy doing it poorly.

iancom

  • Member
  • **
  • Posts: 103
  • Kudos: 0
« Reply #16 on: 14 February 2002, 02:31 »
quote:
Originally posted by BadKarma:
Wow, lots of smileys in that last post ....

Let's just say I'm making up for the lack of them in your posts   :D  



...sorry! I'm a bit of a text purist at heart   :D  

My experiences are very similar to yours... I did just about scrape through my degree (non-computer related) and worked in general office admin for a couple of years after. Got my first IT job supporting OS/2 for a large financial company and haven't looked back since. Diving in at the deep end and getting real experience is by far the best way to go.

As long as you're always willing to really push yourself and are not afraid to learn new concepts you should always do well in IT...!

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
« Reply #17 on: 14 February 2002, 02:38 »
Linux/*NIX people usually like to know as much as possible about everything to do with a computer. There's nothing wrong with having MCSE books (as long as you know you are looking at a one-sided view and you can get them for free). I had the NT Server Resource kit and actually read the damn books, which is why I could resolve the WINS, DNS, TCP/IP, etc. issues with MS. I looked at it from a lower level than the "point & click" level of an MCSE and could understand the real issues. I'm sorry but you would think with the "SE" part of MCSE people could at least read and comprehend. The "SE" has become severely devalued with the MCSE. Actually, I would say it's false advertising.
Someone please remove this account. Thanks...

iancom

« Reply #18 on: 14 February 2002, 02:47 »
Anyone from the area correct me if I'm wrong, but I believe they're not allowed to actually use the word 'Engineer' in the certification description in Canada...?

I think this does apply to all IT certifications, but it would be nice to think the Canadian government was so clued up as to realise that M$ certificants could never be described as "systems engineers"!

jtpenrod

  • VIP
  • Member
  • ***
  • Posts: 675
  • Kudos: 105
« Reply #19 on: 14 February 2002, 08:53 »
MCSE= Minesweeper Consultant, Solitaire Expert  :D

[ February 13, 2002: Message edited by: jtpenrod ]

Live Free or Die: Linux
If software can be free, why can't dolphins?

voidmain

« Reply #20 on: 14 February 2002, 21:34 »
quote:
Originally posted by IanC:

It does get a little laborious maintaining a copy of your NT user list on the Samba server as well as the Domain, but the release notes for 2.2.3a assure us that will be sorted very soon... :)



IanC, I did a little Samba work today and I no longer have to maintain two userid lists. "winbind" is pretty freakin' cool! I downloaded/built/installed 2.2.3a as you suggested. I turned on encryption and made my Samba server a member of my NT domain and set "security = DOMAIN". Fired up winbind and samba and now I can use NT userids and groups not only within the samba configuration but at the *NIX level. I can make local files/directories owned by NT userIDs and set group permissions to NT groups.

In addition to that, a little playing with /etc/nsswitch.conf, /etc/pam.d/login and /etc/pam.d/ssh now allows me to log in to my Linux box with an NT domain ID and password. Without having to create a local account or having to manually update any list, winbind does it all. It's very much like NIS but it lets NT play along. I can also ssh/telnet to the box using an NT ID/password. Looks like we'll be replacing those NT fileservers VERY soon at that company I mentioned!
Someone please remove this account. Thanks...

iancom

« Reply #21 on: 14 February 2002, 14:45 »
Yeah, I had just discovered winbind last night and was playing with it on a test server... it was about 1 o'clock so I didn't do quite well enough to get everything working absolutely right but I reckon I'll have it sorted later today!

It does look like exactly the sort of thing Samba needs.. that way after it's all set up correctly all permissions etc can be dealt with by NT group membership and User manager and even admin types might never realise they're not dealing with an NT server!

Excellent, Smithers.

voidmain

« Reply #22 on: 14 February 2002, 15:56 »
I only had one issue that required changing some code. I wouldn't have found the issue because I usually edit the smb.conf file in my favorite text editor (vim) but I was talking a partner through viewing a share with swat and found a bug in swat.

First the only way I could find to use the NT domain groups in the smb.conf file (found absolutely no examples anywhere) was this format:

valid users = @"MYDOMAIN+Domain Admins"

The domain MYDOMAIN has the "Domain Admins" group that I wanted to grant access to a share so you use the "@" just like with UNIX groups and the group name.  With winbind the group name shows up in the form of "DOMAIN+Group".  And because a lot of NT domains contain a "space" in their name they need to be quoted.  The only way of quoting that I found that would work is in my "valid users" example above.

Now, "swat" doesn't expect any quote marks in the string of groups and when I view the properties of that share in swat I get just an "@" and nothing else.  I realized that was because in the HTML the tag looked like:

value="@"MYDOMAIN+Domain Admins""

So you can see why only the "@" was displayed.  I then started looking over the source for swat (it's a C program) and found where it spit out those types of form elements (only two places need a simple change).  Now the HTML that it spits out looks like:

value='@"MYDOMAIN+Domain Admins"'

I just replaced the double quotes in the value tag with single quotes, recompiled, and it works like a champ. And no, you can't use single quotes in the group name, tried that first and it doesn't work. I wouldn't have had to change the swat code if it did work.

At any rate, it seems to be working perfectly.  Will be doing more heavy duty testing tomorrow probably.
Someone please remove this account. Thanks...
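
Added example, not part of the post above and not code from the Samba source: switching the value attribute to single quotes breaks again as soon as a value contains a single quote, whereas escaping the value when the tag is written handles both quote characters. The function names html_attr_escape and render_input and the buffer sizes are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Escape src for use inside a quoted HTML attribute value.
 * Returns the escaped length, or -1 if dst (dstsz bytes) is too small.
 * Hypothetical helper for illustration, not taken from swat. */
int html_attr_escape(const char *src, char *dst, size_t dstsz)
{
    size_t o = 0;
    if (dstsz == 0)
        return -1;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstsz)          /* keep room for the terminating NUL */
            return -1;
        if (rep)
            memcpy(dst + o, rep, n);
        else
            dst[o] = *src;
        o += n;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Write a text input for one parameter; returns length or -1 on truncation. */
int render_input(const char *name, const char *value, char *out, size_t outsz)
{
    char n[128], v[512];
    if (html_attr_escape(name, n, sizeof n) < 0 ||
        html_attr_escape(value, v, sizeof v) < 0)
        return -1;
    int len = snprintf(out, outsz,
                       "<input type=\"text\" name=\"%s\" value=\"%s\">", n, v);
    return (len < 0 || (size_t)len >= outsz) ? -1 : len;
}

int main(void)
{
    char html[1024];
    /* Constructed sample: the "valid users" value quoted in the post. */
    if (render_input("valid users", "@\"MYDOMAIN+Domain Admins\"", html, sizeof html) > 0)
        puts(html);
    return 0;
}
```

The browser decodes the entities when it parses the attribute, so the form field shows and submits the original string with its double quotes intact.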

iancom

« Reply #23 on: 14 February 2002, 17:30 »
...excellent work, thanks for the tips. I really must learn C properly at some point so that I would stand a chance of being able to debug source code like that!

One of my first actions when I started working here was, as part of my push to secure the NT network as far as is possible, to remove or rename all of the predefined NT groups and usernames in the domain. And of course their replacements and any further groups that have since been added do not have any spaces in them. It Just Seems Wrong.

So maybe I'll be okay...

Cheers

voidmain

« Reply #24 on: 16 February 2002, 07:54 »
quote:
Originally posted by IanC:
One of my first actions when I started working here was, as part of my push to secure the NT network as far as is possible, to remove or rename all of the predefined NT groups and usernames in the domain. And of course their replacements and any further groups that have since been added do not have any spaces in them. It Just Seems Wrong.



Good idea... on a side note, I got ACLs working today on Linux local filesystems and within Samba.  Now if you access the Samba shares from an NT/2k client you can change the permissions on files and directories just like you can on an NT server.  You can't really tell you are connected to something *other* than an NT server.  You can add NT Domain groups or users to the ACLs and set any of the attributes that you can do on an NT server.

I had to grab the kernel source and apply the ACL patches first, and rebuild Samba with ACL support (and add a couple of other minor things). I used to use ACLs on AIX years ago, it's pretty cool being able to do it in Linux now, and even cooler to be able to do it through Samba. Goodbye NT file servers. Good riddance!
Someone please remove this account. Thanks...