LinuxQuestions.org


drokmed 10-31-2007 11:36 AM

Have YOU setup a reliable ldap+samba+mail server? if so, what distro?
 
ARGH!!!!! I can't take it anymore!!!!!!!

Has anyone been successful with this? I must be using the wrong distro (opensuse), it can't be this hard!

I'm sorry if this message sounds angry and negative, I am soo frustrated right now. I'm kicking over trash cans DOH!!! I've been working on this for a long long time! I'm sure there are many people like me that have the same problem!

I will switch to ANY STABLE FREE distro that is easy to setup a RELIABLE ldap+samba+mail server. The distro needs to have long stable releases... not bleeding edge, frequent and unstable. Sorry ubuntu fans, too many releases too fast, all bleeding edge. Must be suitable and proven in a production environment, not some lab setup.

I want to replace our corporate windoze servers with linux, but it has to be reliable, stable and relatively easy to manage, and a free distro (I know I know, but if we have to pay for the distro, my boss already paid for windoze and will stick with it).

Here is what I want to build:

GNU/Linux server (free, stable releases)
- openldap server
- samba server
- mail/groupware server (webmail interface minimum, nice gui like scalix/zimbra preferred, must be free version), outlook support not required, group scheduling preferred
- overall system management interface (like GOsa or better, no piece meal solutions using 15 different tools).

I'd like to manage a user in one place, not use three different management tools to add/change a user, then add 50 custom bash scripts. phpldapadmin is a great browser tool, but you don't want to manage an organization with it. And LAM? fuggggetttaboutttttit...

I apologize for sounding soo negative, it's been a long frustrating experience, and we still have windoze servers. Thank god my boss is more patient than me.

As much as I love suse of old, I can't take it anymore! 10.1 was the last time they supported ldap with samba, using the smbldap tools. In 10.2, they dropped support for it (you could patch it to work sort-of), and they left you with ldapsmb, which didn't quite work completely (I never did resolve group mods with that tool, and never found anyone who had used it successfully). 10.3 cleaned up some issues, but still no joy. I could go into detail, but don't want to turn this thread into a bash/defend suse flame war (that subject is beat to death elsewhere). Who cares! Move on! I am...

I'm currently looking at Debian again (it's been many years, but I do like it a lot), because GOsa is written for that distro first. I'd like to use the latest debian, but it looks like Sarge 3.1 is still the most common, so I'm trying that one right now.

I find myself learning a new distro (relearning kind of), and ask myself, if I'm willing to learn a new distro, now is the time to consider all other distro's out there, hence this message.

I have read the samba and ldap books. They are GREAT at covering theory and generic configs, but don't give distro-specific configurations (every distro has differences). I've tried many of the various how-to's out there over the past year at least. I know what some of you are thinking... over a year? You must be stupid! Well, thanks a lot, maybe I am, or just unlucky with opensuse I guess. Most how-to's have holes that leave critical stuff out and assume you already know how to fix it. I'm sure there are many people like me that have never had luck building this server on various distros.

I'm looking for recommendations from experienced sysadmins that know what an ldif file is, and have already gone through what I'm trying to do. Please do NOT reply to this message with your advice/suggestions if you have NOT actually setup a ldap+samba+mail server yourself! I don't need flag waving, sound bites or marketing pitches. We get enough of that from Micro$oft. Don't need RTFM or "they all can do it" or "try them all" either. If you have the urge to flame me, then please just click and move on to the next message. I'm down on one knee here, looking for a specific distro/release/configuration, not theory. Don't need "you must be too lazy, and want us to dot the I's and connect the lines for you". No, I will do the research myself, if you give me the specific distro/release/configuration YOU have had success doing. Naturally, any additional info you can offer (like examples of working configs) would be a huge assist.

If you are a successful sysadmin, I suspect a lot of people would be grateful for your guidance here.

Again, I apologize for the frustrated rant. I'm willing to go through it all again on a different distro.

Thanks for reading

skatin 10-31-2007 12:13 PM

Count me in too
 
lol I know your pain! Count me in, I want to know too.

farslayer 10-31-2007 01:32 PM

Quote:

Originally Posted by drokmed (Post 2943637)
I'd like to use the latest debian, but it looks like Sarge 3.1 is still the most common, so I'm trying that one right now.

Sarge (3.1) is oldstable

etch (4.0r1) is the current stable version..

drokmed 10-31-2007 01:49 PM

Quote:

Originally Posted by farslayer (Post 2943742)
Sarge (3.1) is oldstable

etch (4.0r1) is the current stable version..

Yup, I know. I started with 4.0r1 netinstall, went pretty well actually, but had some problems getting everything to work on it, and didn't find any howto's for etch, but there are some for sarge, so trying sarge now.

farslayer 10-31-2007 07:05 PM

I use the sarge how-to's on etch all the time and haven't had a problem yet. The only difference is usually that the software versions are newer..

whitemice 10-31-2007 09:13 PM

Done it
 
> Has anyone been successful with this?

Yes.

> I must be using the wrong distro (opensuse), it can't be this hard!

Nope, I'm using SuSE / open SUSE

> I will switch to ANY STABLE FREE distro that is easy to setup a
> RELIABLE ldap+samba+mail server.

Your thinking out the gate is WRONG WRONG WRONG WRONG WRONG. Distro hopping is *STUPID*. It is 99.999% the same bloody software on every distribution, there are NO huge differences unless someone boloxed something.

> GNU/Linux server (free, stable releases)
> - openldap server
> - samba server

Been using these for a decade, fast and stable, for several hundred users.

> - mail/groupware server (webmail interface minimum, nice gui like
> scalix/zimbra preferred, must be free version), outlook support not
> required, group scheduling preferred

We use OpenGroupware, but what ever.

> - overall system management interface (like GOsa or better, no piece meal solutions using 15 different tools).

Nope, you're screwed, use M$. Seriously. NO SUCH THING EXISTS. It is too bad, but that is the reality. Every single OpenLDAP shop I know has an in-house developed application for managing things like users.

> As much as I love suse of old, I can't take it anymore! 10.1 was the
> last time they supported ldap with samba, using the smbldap tools. In

What are you talking about? LDAP + Samba work fine on 10.1 / 10.2, and 10.3. They dropped smbldap? Who cares, it is a bunch of perl scripts. Put them in, write your own, that hardly merits distribution support. We use LDAP for DNS (bind), DHCP, and Samba, all are supported out-of-the box.

> I find myself learning a new distro (relearning kind of), and ask
> myself, if I'm willing to learn a new distro, now is the time to

The answer to this question is always "NO". The distribution doesn't matter if it provides the basics. IT IS ALL THE SAME SOFTWARE.

>I have read the samba and ldap books. They are GREAT at covering
>theory and generic configs, but don't give distro-specific
>configurations

A HOWTO is not documentation, it is a recipe to inspire over confidence and drop someone into a configuration they don't understand and can't manage. And the Samba HOWTO / By Example guide doesn't provide enough examples? Bogus.

> (every distro has differences)

Bogus. Differences like what? OpenLDAP is OpenLDAP. Samba is Samba. Postfix is Postfix.

> Most how-to's have holes that leave critical stuff out and assumes
> you already know how to fix it.

Of course, they are Sunday School when you should be reading the real text. If you want to understand LDAP then you need to read about LDAP, and then and only then go into specific implementations like OpenLDAP, Active Directory, etc... going the other way around is wrong headed.

It took us three years to roll build everything into an 'LDAP enabled network'. That is a normal duration for such a project.

>I'm looking for recommendations from experienced sysadmins that know
> what an ldif file is, and have already gone through what I'm trying
>to do.

Done it. Taught classes on it.
http://www.whitemiceconsulting.com/node/30

> Don't need RTFM

But you need to, really.

> or "they all can do it"

But they can

drokmed 11-01-2007 02:38 PM

whitemice,

Thanks for responding, I appreciate the feedback. You make your point clear enough, a little harsher than what I was expecting, but still very useful and informative.

I looked at those classes, and I think taking a class next is probably my best bet. At least then I won't be alone, and will be around people who are having success at getting the software to work.

I have been reading the books, and I do understand the theory, the basics are not that hard. My problem has been getting the software to actually work correctly. Something always doesn't work, and I struggle to fix to no avail.

As for writing my own management interface, and writing my own scripts, I have to wonder why? Why re-invent the wheel? Why does everyone re-invent the wheel? You said yourself every shop has their custom software, and I can understand the necessity of a custom solution, but out of all these shops, there must be plenty of scripts and software that meet generic needs. Surely there are thousands of scripts/interfaces out there that can be used for a generic solution for small organizations. You probably have some standard scripts/apps you install on every server you build, especially in your classes as an instructor. Can we get them? Are they closely guarded secrets? Or have they been released, and I just failed to find them in my searching? For those of us out here who haven't written all that yet, or worked in an environment that already has it, it would be extremely helpful if you and the shops shared some of those with the community.

Also, you mentioned systems management platforms don't exist. I found the GOsa project, and have gotten most of it working. It does a lot of what I'm looking for, and works very nice actually. Have you ever tried it?

http://oss.gonicus.de/

Thanks again, your feedback is giving me the direction I need. I've been frustrated, but still want to convert over to linux only servers. I'm not giving up!

whitemice 11-07-2007 08:13 AM

> Thanks for responding, I appreciate the feedback. You make your point
> clear enough, a little harsher than what I was expecting, but still
> very useful and informative.

I've been doing this a long time. And hey, you think it is hard now? Try doing it in 1997! :)

> I have been reading the books, and I do understand the theory, the
> basics are not that hard. My problem has been getting the software to
> actually work correctly. Something always doesn't work, and I struggle
> to fix to no avail.

There is a new admin manual for OL 2.4.x. That should help, it is more robust than the previous versions.

> As for writing my own management interface, and writing my own scripts,
> I have to wonder why?

Why are there a zillion scripting languages: perl, python, boo, PHP, ruby, etc... Why are there so many LINUX distributions? A lot of work is expended on things that are so trivially different that it can only be described as "stupid". Why? Ever try to get 30 sys-admins to agree on how something should be done? Shhheeesshhh. That is the *real* advantage of Microsoft's stuff - they effectively TELL YOU how it will be organized, what attributes mean what, how things should be connected, etc... With Open Source everyone hoes-their-own-row, and rarely does a model gain enough consensus to merit the term "adopted". I run an almost entirely Open Source network, and I'm a developer in a couple of Open Source projects, but there is no denying this is a very serious flaw.

> Why re-invent the wheel? Why does everyone re-invent the wheel?

Because they can. And because there is no decent off-the-shelf wheel. LDAP and Dit design are really hard (to do well). So everyone just solves their own problem (the nature of Open Source after all: benevolent self-gratification). For a real common solution someone would have to create a secure, highly-configurable (probably rule-based), set of integration tools. That is really really hard.

> You said yourself every shop has their custom software, and I can
> understand the necessity of a custom solution, but out of all these
> shops, there must be plenty of scripts and software that meet generic
> needs.

Perhaps, but I can look at our stuff and see that it is so entwined with the structure of the network/Dit and other tools in use that once removed it is essentially a useless glob of bits.

Remember that each site may have different security policies (including LDAP ACLs), role policies, not to mention custom schema. If you have custom schema most generic tools trounce on it [see mention of a "secure, highly-configurable (probably rule-based), set of integration tools" above].

> Surely there are thousands of scripts/interfaces out there that can be
> used for a generic solution for small organizations.

But a [simple] generic solution implies the existence of a generic installation/configuration.

> You probably have some standard scripts/apps you install on every
> server you build, especially in your classes as an instructor.

No, I have a standard etc/ldap.conf and etc/openldap/openldap.conf file for each network. That is about it. The only place with real "scripts" is the PDC for creation of accounts, etc... And those aren't at all generic.

> Are they closely guarded secrets?

No, they're just crap however. Writing a script/program to create an account in LDAP is trivial - but it will almost certainly automatically embed in itself knowledge of your security practices and Dit organization. I'd say if you can't write such a script yourself, implying sufficient knowledge of what an account-in-LDAP means, then you aren't ready to deploy LDAP.

> Or have they been released, and I just failed to find them in my
> searching?

I'm not surprised.

> Also, you mentioned systems management platforms don't exist. I found
> the GOsa project, and have gotten most of it working. It does a lot of
> what I'm looking for, and works very nice actually. Have you ever
> tried it?

I think I tried it some time ago, perhaps it has gotten better. But most of the tools I've tried have been very disappointing in that they assume many things about your Dit/Schema/security. Many of them are almost-but-just-not-quite.

> http://oss.gonicus.de/
>
> Thanks again, your feedback is giving me the direction I need. I've been frustrated, but still want to convert over to linux only servers. I'm not giving up!
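
An added illustration of the point made in the post above, that an account-creation script ends up embedding the site's Dit layout and security policy; it is not code from the thread or from any poster's network. The site values, the naming regex and the `2 * uidNumber + 1000` RID rule are assumptions made for the example, and user-supplied fields are validated or base64-encoded so they cannot alter the DN or add LDIF lines.

```python
import base64
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class SitePolicy:
    """Site-specific decisions; every value used below is a constructed sample."""
    base_dn: str        # DIT suffix
    people_ou: str      # where person entries live, relative to base_dn
    domain_sid: str     # Samba domain SID
    min_uid: int        # lowest uidNumber allowed for people
    home_template: str
    shell: str

UID_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")  # assumed naming policy; keeps DN metacharacters out
SAFE_STRING = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                         r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")  # RFC 2849 SAFE-STRING

def ldif_line(attr, value):
    """One LDIF line; values that are not SAFE-STRING (newlines, non-ASCII) go out as base64."""
    if SAFE_STRING.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_account_ldif(policy, uid, uid_number, gid_number, full_name):
    if not UID_RE.fullmatch(uid):
        raise ValueError(f"uid {uid!r} violates the naming policy")
    if uid_number < policy.min_uid:
        raise ValueError("uidNumber is below this site's range for people")
    if not full_name.strip():
        raise ValueError("full name is required")
    rid = 2 * uid_number + 1000  # assumed site choice: algorithmic uid-to-RID mapping
    attrs = [
        ("dn", f"uid={uid},{policy.people_ou},{policy.base_dn}"),
        ("objectClass", "inetOrgPerson"),
        ("objectClass", "posixAccount"),
        ("objectClass", "sambaSamAccount"),
        ("uid", uid),
        ("cn", full_name),
        ("sn", full_name.split()[-1]),
        ("uidNumber", str(uid_number)),
        ("gidNumber", str(gid_number)),
        ("homeDirectory", policy.home_template.format(uid=uid)),
        ("loginShell", policy.shell),
        ("sambaSID", f"{policy.domain_sid}-{rid}"),
        ("sambaAcctFlags", "[" + "DU".ljust(11) + "]"),  # disabled until a password is set
    ]
    return "\n".join(ldif_line(a, v) for a, v in attrs) + "\n"

# Two constructed sites: same tool, different DIT layout and policy.
SITE_A = SitePolicy("dc=example,dc=com", "ou=People",
                    "S-1-5-21-1111111111-2222222222-3333333333", 1000, "/home/{uid}", "/bin/bash")
SITE_B = SitePolicy("dc=corp,dc=example,dc=org", "ou=Users,ou=Accounts",
                    "S-1-5-21-1234567890-1234567890-1234567890", 10000, "/srv/home/{uid}", "/bin/false")

if __name__ == "__main__":
    print(build_account_ldif(SITE_A, "jdoe", 1001, 1000, "Jane Doe"))
```

The same `jdoe` request that is valid for `SITE_A` is rejected by `SITE_B`, whose uid range starts higher, and lands in a different subtree once the number is adjusted.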

Mark Pavlichuk 11-15-2007 12:50 AM

GOsa is in Etch and Testing/Unstable. Backport of latest?
 
Quote:

Originally Posted by drokmed (Post 2943637)
ARGH!!!!! I can't take it anymore!!!!!!!
I'm currently looking at Debian again (it's been many years, but I do like it a lot), because GOsa is written for that distro first. I'd like to use the latest debian, but it looks like Sarge 3.1 is still the most common, so I'm trying that one right now.

Looks like GOsa is already in Debian Stable (ie. Etch). I'm not sure why they haven't provided packages for the latest GOsa (2.5.13 vs 2.5.6 in Etch) on the GOsa website, but the latest GOsa IS in Debian Testing/Unstable. Perhaps you could request a backport of GOsa to Etch.

I use the Etch backports repository for the latest version of BackupPC, which is a very handy backup solution because the latest version can be completely configured via the web interface.

-Mark

drokmed 11-18-2007 10:54 AM

Quote:

Originally Posted by Mark Pavlichuk (Post 2959406)
Looks like GOsa is already in Debian Stable (ie. Etch). I'm not sure why they haven't provided packages for the latest GOsa (2.5.13 vs 2.5.6 in Etch) on the GOsa website, but the latest GOsa IS in Debian Testing/Unstable. Perhaps you could request a backport of GOsa to Etch.

I use the Etch backports repository for the latest version of BackupPC, which is a very handy backup solution because the latest version can be completely configured via the web interface.

-Mark

Hi Mark,

Thanks, I wondered about that too. Cajus (GOsa creator) said in one of the mailing list emails that the Sarge version works on Etch too.

I did find it on the GOsa site, here:

ftp://oss.gonicus.de/pub/gosa/debian/

It's the GOsa 2.5.13 for Debian Sarge, but it installed on Etch without a hitch! God I love Debian. I can't believe how easy it is to get everything working on debian.

In just one week, I'm already further than I got spending a year on suse. LDAP, Samba and GOsa all work great! I'm in the process of adding opengroupware to the server, and maybe some of the other apps GOsa supports like pureftp, gofax etc.

I've found some old Debian Sarge how-to's, and have updated them to work on Etch. I'm surprised there aren't any Etch how-to's out there yet. Will share when they are ready.

Thanks for the BackupPC suggestion, you just solved that issue for me :)


All times are GMT -5.