I have succesfully used libpst (http://www.five-ten-sg.com/libpst/) to import pst files. I cannot remembeer since when, but longer than one year ago at least.
So this was already possible (and not thanks to them, by the way).
Well, I am no native speaker so I had to google what you meant about 'twat'.
I was quoting your remark about how "unusual" registry editing was in windows and you start calling me names. I guess that says it all about you and your 'arguments'.
I will repeat it (you just try to read it slowly so that your synaptic pathways do not get damaged in the meantime): if you use windows, you edit the registry all the time (even if you do not know that you do so).
I know your reaction was knee-jerk, but just in case you didn't know, unix machines can also be configured by policy (cfengine/puppet) and single sign ons originated in the unix world (kerberos). The freeipa project http://freeipa.org/ already has a working nice kerberos+ldap solution with integrated multimaster replication and quite easy to set-up (version 1.2, if I recall correctly). Version 2 will come shortly and it will be even easier). I know, I know, first I have to see it.
You can now join linux/solaris clients to a freeipa kerberos domain in a very similar way as to how you join a window machine to a windows domain. You have delegation of tasks for junior staff and it just works. Why has it taken so long? Good question, ask the big linux players (google, ibm) why they were not interested in this. Red Hat started it and they are actively developing it right now.
I am sure there is something similar for other desktop environments. Just use this info with cfengine/puppet and off you go.
Apparently the freeipa (http://freeipa.org) project are busy with something really integrated for policy settings, it should be soon ready (the authorization stuff is already there, so no nis for me thankyouverymuch).
The big difference is that Registry editing is extremely uncommon in Windows. Trawling through textfiles in Linux (or BSD) is - ironically - something you're almost certainly going to have to do as soon as you step off the narrow path of basic setup and usage.
I beg to differ. As a windows/linux/esx sysadmin I edit the registry of the windows machines on a daily basis.
The registry is the configuration system of windows, so even if you are clicking bottoms, the settings will be saved in hives. My point is: even if you do not know it, if you use windows, you edit the registry with nearly every mouse click.
Manufacturers bring out "updates" to fix problems that are in fact just modifiying a few registry keys. But users can apparently not use regedit to do that, so companies bring a hotfix out with autoit as an executable to just change the value of a key. The customer just clicks on the installer and follows a wizard, that is what he/she is used to.
Where I work I frequently use the cli to automate windows servers. You should try it, it may surprise you that it works pretty well.
As to file permissions in samba shares, maybe you should learn about sticky bits for group permissions.
It is also worth noting that ntfs acls are not the same as posix acls; even then, using a management system as cfengine would ensure that the permissions in the shares would be correct without the admins' intervention once the system is setup. No need to login to the server to change a permission. You use group policy for your windows clients and servers, use unix policies for your unix clients and servers then:-) (cfengine, puppet, chef, choose your poison).
As to your mention that the 2008 r2 server merely joined the domain, sorry, you misread the article:
This was the first time that Samba4 had hosted an AD domain that a Windows DC found sufficiently acceptable to replicate the whole directory, and be comfortable to set itself up as a peer domain controller.
So basically, the 2008 r2 server became a domain controller inside a samba 4 domain. It replicated the database. Sure, it is not production ready *yet*. There are sites running it in production though (with some 300 clients, if I recall correctly). It is getting there. Sooner than you think now;-)
Your point about usermapping is completely irrelevant, by the way. If you install s4 now you just join a winxp to the domain with its adminpak and manipulate users from dsa.msc or the dstools. What's the problem then? Most admins will never know they are talking to a linux domain controller.
My point exactly. Too bad I do not have mod points:)
Asset Tracker is a great project. Yes, it is a bit of a 'pain' to set up, but so is any asset tracking software. At work we have had a consultant at least 3 weeks working intensively with one of our team to get another solution installed. That is 3 weeks consultant's salary plus 3 weeks salary of one of the team. The other solution sucks, but hey, it costs a lot of money and it is 'supported'.
Asset Tracker lets you build your solution just like you have to do with other packages. But it costs you nothing if you do it yourself. If you already have a working knowlegde of how Request Tracker works, it should not cost you a lot of time to have it working.
I am writing some documentation on how to install Asset Tracker and configure it. It will be released shortly, but I have no fixed deadlines (this is on my own time).
At work we have a free nx server (so the 'difficult' one to install, that is) for a quite a few thin clients. At this moment it is not particularly busy and we have 11 users (this is a browsing server, the thin clients only start firefox as a kiosk in the nx server).
I have no experience with zimbra, but zarafa really is an exchange substitute. The webaccess is amazing (working perfectly in firefox or other browsers), you can open several mailboxes in the web ui, it has push email that works with all active-sync devices and it really works as outlook users expect. It is opensource (AGPL) and they offer rpm, debs and sources.
They have great documentation, great support and as a whole, great product.
For hosters it is a killer too, you can set it up for multiple companies, each one with their own global address book.
You can store attachements in the file system instead of in the database (mysql). In their 'community' edition you even get 3 simultanous outlook users if you want that. But why would you want outlook if you don't have roadwarriors? If you do, then yes, you may need it.
Oh yes, before I forget, another great feature is the 'restore' button. Users can 'undelete' their deleted items (even from the trashbin!) up to 30 days after deleting them (all is configurable, period can be shorte or longer). Admins even have access to the deleted mailboxes of people whose accounts have been terminated for a similar period of time, so no need to dig up tapes anymore.
you've obviously never done tech support for office people. Very smart guys and girls, who have studied long years and still use winword.exe to browse their filesystem (you will notice when they call you panicking because all their files are gone: yes, they try opening excel sheets from winword and if you do not choose show all files, only word files are shown then).
So do not give me that crap. Users know very little about computers or applications (which is also the reason most IT guys and girls have jobs).
They just know winword = typewriter that can print documents after checking the spelling; oulook = something to send/open silly powerpoint attachments with; excel = for when they need printing something with a table in it. This caracterizes 99% of all their business needs. The other 1% is usually a webapp or with the company's database application.
Do you really think those people need ms office in their netbooks. Of course not. They just want to have what they use at work. So if at work they start using openoffice.org...
And the reason why you could not virtualize windows xp inside linux is...?
I mean, if you want your developpers to have a mac mini, by all ways, do it. Do no try to bullshit us saying that your guys are happier now because they run xp on parallels, you know xp can easily run virtualized under linux. O, you didn't? Well, now you know;-)
By the way: it has been ages since I have had to recompile a kernel. Are you using gentoo or something like that? You know, some people just install ubuntu or fedora or debian and get on with their lives. Stuff just works nowadays (I re-read your post and see that your experiences are 8 years old. Maybe you should not be so fast to prejudge what you obviously do no longer know so well).
I am a sysadmin at a citrix/vmware shop. My desktop is fedora, I quite like seeing how linux improves every 6 months. Every 6 months I download the iso, install it and in 20 minutes am ready (2 monitors, citrix client, openoffice, flash, java, ready for action in our network). 20 minutes, that's all it takes. No fiddling around with drivers, no kernel recompiling. Nothing. I spent much more time helping our webmaster configure his brandnew mac box, go figure.
It gets even boring, actually. Installing printers is just a matter of point, klik, point, klik, enter ip address of network printer, wait, yes, this is a sharp or a hp or a brother, it detects the right driver and installs it. It no longer is funny:-), it just works. And for outlook, I just launch a citrix session and use it in citrix. This will probably change in the next Fedora, because it comes with the first free mapi client integrated into Evolution. We will see how that works.
I am surprised that noone here seems to have heard of freeipa (http://www.freeipa.org).
The actual release (1.2.1) is "just" a distributed (ldap) kerberos implementation. You can easily create keytabs and redistributed to the services (host, cifs, nfs). It is nice, but not yet there (although for those who have tried setting kerberos and ldap together in unix, this is surprisingly easy to do.
In the next release (april, may this year) there will be cached credentials, group policy, dns integration, ntp integration,...
Well, you did not search properly. You can have RT authenticate to any ldap server (so also AD); setting it up does not involve using a mouse, though. You'll have to use a text-editor (an ability that seems very rare nowadays). Oh, and read some documentation. But it works, I know that for sure.
you really did not look well into it: http://bestpractical.com/rtfm/ ; rtfm is really simple and useful, it works great.
As to your complaints about RT's performance: I am sorry, I cannot recognize any of it. Were you using (old) pc hardware for the RT server? What OS did you install RT on? There has been quite a big problem with the perl version that redhat installed in their OS, so maybe you were bitten by it.
I have run RT with a stock debian etch install and following the fine instructions that came with the distribution getting it working was a mere 20 minutes (ok, ok, I am a linux sysadmin, so I actually do read the docs, so maybe I am cheating). Our production RT was a proliant 360 dl g4 with 4GB ram (quad core xeon, nothing really fancy and it is now at least 3 years old, I am too lazy to look it up now). This is our intranet/internet webserver, being constantly pounded by quite a few webapps by 1500 users. I have not seen any performance issues at all.
Just because it is linux, it doesn't mean that it can make miracles. A database server remains a database server, and you need the hardware for it: fast disks are a must. if you have a virtual environment with fast disks i am pretty sure it will also run without problems.
Since there is no official asset support module, our company moved to topdesk and i can positively tell you that I miss RT a lot while doing tech support to our users. The search function is brain dead, the workflow is brain dead and the web interface is brain dead. It wants to be a desktop app with tabs and that sort of stuff and that really slows you down. RT is fast, simple and like they say in their website:
Help requests without my RT remind me of TV without using TiVo to skip commercials: I can only stand it for a short while
Unfortunately, the asset tracker extension is not part of RT, hopefully this changes in the future (http://code.google.com/p/asset-tracker-4rt/)
mmm, unfortunately, no. In my years as a sysadmin, I have only met 2 genuinely interested people in learning things. The rest of my colleagues (around 40 sysadmins, probably more) are absolutely against learning stuff for the sake of it. If there is not a gui, they will not touch it, for instance.
So, no, not all IT and admin types are more open to change; hell, they hate change most of the time.
2 days ago I installed samba 4 in a virtual environment. I donwloaded a debian lenny cd, installed a standard server plus some development tools (build-essential) and followed the instructions in the samba wiki: http://wiki.samba.org/index.php/Samba4/HOWTO. In half an hour I had a kerberos/ldap/rpc domain controller. Joining windows xp pro or win2k3 machines to this domain was a no brainer. I installed the standard microsoft tools (adminpak.msi, resource kit, resource tools) and I can now manage this linux AD from a windows xp with ADUC(dsa.msc), the dstools, the group policy manager,...
So basically, any of my microsoft colleagues can manage this linux AD installation. Heck, they would not know that this is a windows AD except for the fact that they cannot login the server with the remote desktop client:-); I guess we should call it AD server linux core edition:-)
the poing was and still is that using the registry editor is for the average person as confusing as using vi(m).
In order for someone to (properly) understand what they are doing while using regedit, you would have to explain what a hive is, what the main hives are, which hive to open for systemwide settings, which one for his/her user, which one for the default user in case he/she needs to change something for every new user to that machine, how to backup the registry in case the feces hit the fan... It is quite a bit, actually.
On the other hand, you could give someone who can read (yes, this is a necessity) a unix shell and ask them to type vimtutor en then press enter. After 20 minutes on their own, they would be good to go. Besides, you do not need to use vi(m), you can use joe or for the sake of it, gedit in a graphical environment. No training needed, just edit a textfile and save it.
So, do you still think that regedit is such a good idea? Good for you.
I think he was being a bit sarcastic when asking that. Window users always ask 'is it true I have to use a cli for doing this in linux?'
Your answer that it is pretty simple *if you already know how to use it* proves that what he wanted to achieved worked, he trolled you:-)
hey, vi is pretty simple *if you already know how to use it*:)
Slashdot Mirror
They obviously do not know windows either ..., otherwise they would not need his/her help. So your argument does not really stand.
I have succesfully used libpst (http://www.five-ten-sg.com/libpst/) to import pst files. I cannot remembeer since when, but longer than one year ago at least.
So this was already possible (and not thanks to them, by the way).
Well, I am no native speaker so I had to google what you meant about 'twat'.
I was quoting your remark about how "unusual" registry editing was in windows and you start calling me names. I guess that says it all about you and your 'arguments'.
I will repeat it (you just try to read it slowly so that your synaptic pathways do not get damaged in the meantime): if you use windows, you edit the registry all the time (even if you do not know that you do so).
Did you survive it? Good for you.
Have a nice day you too.
I know your reaction was knee-jerk, but just in case you didn't know, unix machines can also be configured by policy (cfengine/puppet) and single sign ons originated in the unix world (kerberos). The freeipa project http://freeipa.org/ already has a working nice kerberos+ldap solution with integrated multimaster replication and quite easy to set-up (version 1.2, if I recall correctly). Version 2 will come shortly and it will be even easier). I know, I know, first I have to see it.
You can now join linux/solaris clients to a freeipa kerberos domain in a very similar way as to how you join a window machine to a windows domain. You have delegation of tasks for junior staff and it just works. Why has it taken so long? Good question, ask the big linux players (google, ibm) why they were not interested in this. Red Hat started it and they are actively developing it right now.
It takes time, but good stuff happens eventually.
http://lmgtfy.org/?q=gnome+lock-down
I am sure there is something similar for other desktop environments. Just use this info with cfengine/puppet and off you go.
Apparently the freeipa (http://freeipa.org) project are busy with something really integrated for policy settings, it should be soon ready (the authorization stuff is already there, so no nis for me thankyouverymuch).
The big difference is that Registry editing is extremely uncommon in Windows. Trawling through textfiles in Linux (or BSD) is - ironically - something you're almost certainly going to have to do as soon as you step off the narrow path of basic setup and usage.
I beg to differ. As a windows/linux/esx sysadmin I edit the registry of the windows machines on a daily basis.
The registry is the configuration system of windows, so even if you are clicking bottoms, the settings will be saved in hives. My point is: even if you do not know it, if you use windows, you edit the registry with nearly every mouse click.
Manufacturers bring out "updates" to fix problems that are in fact just modifiying a few registry keys. But users can apparently not use regedit to do that, so companies bring a hotfix out with autoit as an executable to just change the value of a key. The customer just clicks on the installer and follows a wizard, that is what he/she is used to.
obviously mean http://ftp.isc.org/www/bind/arm95/man.named-checkzone.html
Didn't they use something like this before reloading the zone? If the mistake was a missing '.' it should've given you big warnings ...
http://ftp.isc.org/www/bind/arm95/man.named-checkconf.html
Where I work I frequently use the cli to automate windows servers. You should try it, it may surprise you that it works pretty well.
As to file permissions in samba shares, maybe you should learn about sticky bits for group permissions.
It is also worth noting that ntfs acls are not the same as posix acls; even then, using a management system as cfengine would ensure that the permissions in the shares would be correct without the admins' intervention once the system is setup. No need to login to the server to change a permission. You use group policy for your windows clients and servers, use unix policies for your unix clients and servers then :-) (cfengine, puppet, chef, choose your poison).
As to your mention that the 2008 r2 server merely joined the domain, sorry, you misread the article:
This was the first time that Samba4 had hosted an AD domain that a
Windows DC found sufficiently acceptable to replicate the whole
directory, and be comfortable to set itself up as a peer domain
controller.
So basically, the 2008 r2 server became a domain controller inside a samba 4 domain. It replicated the database. Sure, it is not production ready *yet*. There are sites running it in production though (with some 300 clients, if I recall correctly). It is getting there. Sooner than you think now ;-)
Your point about usermapping is completely irrelevant, by the way. If you install s4 now you just join a winxp to the domain with its adminpak and manipulate users from dsa.msc or the dstools. What's the problem then? Most admins will never know they are talking to a linux domain controller.
If MS 'patches' something that horribly breaks samba, chances are they will break something that horribly breaks win2k3 ;-)
That's a good way of making friends in a lot of places :-)
My point exactly. Too bad I do not have mod points :)
Asset Tracker is a great project. Yes, it is a bit of a 'pain' to set up, but so is any asset tracking software. At work we have had a consultant at least 3 weeks working intensively with one of our team to get another solution installed. That is 3 weeks consultant's salary plus 3 weeks salary of one of the team. The other solution sucks, but hey, it costs a lot of money and it is 'supported'.
Asset Tracker lets you build your solution just like you have to do with other packages. But it costs you nothing if you do it yourself. If you already have a working knowlegde of how Request Tracker works, it should not cost you a lot of time to have it working.
I am writing some documentation on how to install Asset Tracker and configure it. It will be released shortly, but I have no fixed deadlines (this is on my own time).
At work we have a free nx server (so the 'difficult' one to install, that is) for a quite a few thin clients. At this moment it is not particularly busy and we have 11 users (this is a browsing server, the thin clients only start firefox as a kiosk in the nx server).
I have no experience with zimbra, but zarafa really is an exchange substitute. The webaccess is amazing (working perfectly in firefox or other browsers), you can open several mailboxes in the web ui, it has push email that works with all active-sync devices and it really works as outlook users expect. It is opensource (AGPL) and they offer rpm, debs and sources.
They have great documentation, great support and as a whole, great product.
For hosters it is a killer too, you can set it up for multiple companies, each one with their own global address book.
You can store attachements in the file system instead of in the database (mysql). In their 'community' edition you even get 3 simultanous outlook users if you want that. But why would you want outlook if you don't have roadwarriors? If you do, then yes, you may need it.
Oh yes, before I forget, another great feature is the 'restore' button. Users can 'undelete' their deleted items (even from the trashbin!) up to 30 days after deleting them (all is configurable, period can be shorte or longer). Admins even have access to the deleted mailboxes of people whose accounts have been terminated for a similar period of time, so no need to dig up tapes anymore.
As a whole, great (opensource) software.
I can recommend this book (it uses cfengine extensively): Automating Linux and Unix System Administration, Second Edition
gimme a break :)
you've obviously never done tech support for office people. Very smart guys and girls, who have studied long years and still use winword.exe to browse their filesystem (you will notice when they call you panicking because all their files are gone: yes, they try opening excel sheets from winword and if you do not choose show all files, only word files are shown then).
So do not give me that crap. Users know very little about computers or applications (which is also the reason most IT guys and girls have jobs).
They just know winword = typewriter that can print documents after checking the spelling; oulook = something to send/open silly powerpoint attachments with; excel = for when they need printing something with a table in it. This caracterizes 99% of all their business needs. The other 1% is usually a webapp or with the company's database application.
Do you really think those people need ms office in their netbooks. Of course not. They just want to have what they use at work. So if at work they start using openoffice.org ...
And the reason why you could not virtualize windows xp inside linux is ...?
I mean, if you want your developpers to have a mac mini, by all ways, do it. Do no try to bullshit us saying that your guys are happier now because they run xp on parallels, you know xp can easily run virtualized under linux. O, you didn't? Well, now you know ;-)
By the way: it has been ages since I have had to recompile a kernel. Are you using gentoo or something like that? You know, some people just install ubuntu or fedora or debian and get on with their lives. Stuff just works nowadays (I re-read your post and see that your experiences are 8 years old. Maybe you should not be so fast to prejudge what you obviously do no longer know so well).
I am a sysadmin at a citrix/vmware shop. My desktop is fedora, I quite like seeing how linux improves every 6 months. Every 6 months I download the iso, install it and in 20 minutes am ready (2 monitors, citrix client, openoffice, flash, java, ready for action in our network). 20 minutes, that's all it takes. No fiddling around with drivers, no kernel recompiling. Nothing. I spent much more time helping our webmaster configure his brandnew mac box, go figure.
It gets even boring, actually. Installing printers is just a matter of point, klik, point, klik, enter ip address of network printer, wait, yes, this is a sharp or a hp or a brother, it detects the right driver and installs it. It no longer is funny :-), it just works. And for outlook, I just launch a citrix session and use it in citrix. This will probably change in the next Fedora, because it comes with the first free mapi client integrated into Evolution. We will see how that works.
I am surprised that noone here seems to have heard of freeipa (http://www.freeipa.org).
The actual release (1.2.1) is "just" a distributed (ldap) kerberos implementation. You can easily create keytabs and redistributed to the services (host, cifs, nfs). It is nice, but not yet there (although for those who have tried setting kerberos and ldap together in unix, this is surprisingly easy to do.
In the next release (april, may this year) there will be cached credentials, group policy, dns integration, ntp integration, ...
Roadmap: http://freeipa.org/page/Roadmap
Did you miss point 3 ?
Well, you did not search properly. You can have RT authenticate to any ldap server (so also AD); setting it up does not involve using a mouse, though. You'll have to use a text-editor (an ability that seems very rare nowadays). Oh, and read some documentation. But it works, I know that for sure.
you really did not look well into it: http://bestpractical.com/rtfm/ ; rtfm is really simple and useful, it works great.
As to your complaints about RT's performance: I am sorry, I cannot recognize any of it. Were you using (old) pc hardware for the RT server? What OS did you install RT on? There has been quite a big problem with the perl version that redhat installed in their OS, so maybe you were bitten by it.
I have run RT with a stock debian etch install and following the fine instructions that came with the distribution getting it working was a mere 20 minutes (ok, ok, I am a linux sysadmin, so I actually do read the docs, so maybe I am cheating). Our production RT was a proliant 360 dl g4 with 4GB ram (quad core xeon, nothing really fancy and it is now at least 3 years old, I am too lazy to look it up now). This is our intranet/internet webserver, being constantly pounded by quite a few webapps by 1500 users. I have not seen any performance issues at all.
Just because it is linux, it doesn't mean that it can make miracles. A database server remains a database server, and you need the hardware for it: fast disks are a must. if you have a virtual environment with fast disks i am pretty sure it will also run without problems.
Since there is no official asset support module, our company moved to topdesk and i can positively tell you that I miss RT a lot while doing tech support to our users. The search function is brain dead, the workflow is brain dead and the web interface is brain dead. It wants to be a desktop app with tabs and that sort of stuff and that really slows you down. RT is fast, simple and like they say in their website:
Help requests without my RT remind me of TV without using TiVo to skip commercials: I can only stand it for a short while
Unfortunately, the asset tracker extension is not part of RT, hopefully this changes in the future (http://code.google.com/p/asset-tracker-4rt/)
mmm, unfortunately, no. In my years as a sysadmin, I have only met 2 genuinely interested people in learning things. The rest of my colleagues (around 40 sysadmins, probably more) are absolutely against learning stuff for the sake of it. If there is not a gui, they will not touch it, for instance.
So, no, not all IT and admin types are more open to change; hell, they hate change most of the time.
2 days ago I installed samba 4 in a virtual environment. I donwloaded a debian lenny cd, installed a standard server plus some development tools (build-essential) and followed the instructions in the samba wiki: http://wiki.samba.org/index.php/Samba4/HOWTO. In half an hour I had a kerberos/ldap/rpc domain controller. Joining windows xp pro or win2k3 machines to this domain was a no brainer. I installed the standard microsoft tools (adminpak.msi, resource kit, resource tools) and I can now manage this linux AD from a windows xp with ADUC(dsa.msc), the dstools, the group policy manager, ...
So basically, any of my microsoft colleagues can manage this linux AD installation. Heck, they would not know that this is a windows AD except for the fact that they cannot login the server with the remote desktop client :-); I guess we should call it AD server linux core edition :-)
Samba people: THANKS!!!! The salvation is close.
the poing was and still is that using the registry editor is for the average person as confusing as using vi(m).
In order for someone to (properly) understand what they are doing while using regedit, you would have to explain what a hive is, what the main hives are, which hive to open for systemwide settings, which one for his/her user, which one for the default user in case he/she needs to change something for every new user to that machine, how to backup the registry in case the feces hit the fan ... It is quite a bit, actually.
On the other hand, you could give someone who can read (yes, this is a necessity) a unix shell and ask them to type vimtutor en then press enter. After 20 minutes on their own, they would be good to go. Besides, you do not need to use vi(m), you can use joe or for the sake of it, gedit in a graphical environment. No training needed, just edit a textfile and save it.
So, do you still think that regedit is such a good idea? Good for you.
I think he was being a bit sarcastic when asking that. Window users always ask 'is it true I have to use a cli for doing this in linux?' Your answer that it is pretty simple *if you already know how to use it* proves that what he wanted to achieved worked, he trolled you :-)
hey, vi is pretty simple *if you already know how to use it* :)