evol262
Nov 30, 2010
#!/usr/bin/perl

Powdered Toast Man posted:

How can I convince my boss that in the real world, sometimes Windows is necessary (in our case, we have Windows client machines that aren't going away for various reasons), and trying to kludge something with OpenLDAP or Samba4 to replace Active Directory is a bad idea? :shepface:

Samba4 actually is AD, and will do everything you want.

The best argument is that the real reason to have AD is to manage Windows machines. Why do you want to dump unmanaged machines (Samba DCs) into your environment?


Thanks Ants
May 21, 2004

#essereFerrari


Give them a quote for roughly what it will cost in your time to figure out how to roll a poor-man's AD instead of a couple of Windows Server licenses. Complete with a side-by-side comparison of what features still won't exist in the DIY version.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

quicksand posted:

It sounds more likely that it is fixed fee and the PM is trying to keep his resources at a certain utilization rate to justify something to someone.

Quicksand has the truth of it.

edited because time sheet poo poo is boring.

Agrikk fucked around with this message at 20:58 on Dec 11, 2013

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Caged posted:

Give them a quote for roughly what it will cost in your time to figure out how to roll a poor-man's AD instead of a couple of Windows Server licenses. Complete with a side-by-side comparison of what features still won't exist in the DIY version.

Exactly, this is a no-brainer. Server licenses are under 1K a pop these days, right?

EAT THE EGGS RICOLA
May 29, 2008

Someone's mad at me because I can't urgently get something off a 8" floppy for them.

A c E
Jun 18, 2007

Is this weird? Is this too weird? Do you need to sit down?

evol262 posted:

Samba4 actually is AD, and will do everything you want.

The best argument is that the real reason to have AD is to manage Windows machines. Why do you want to dump unmanaged machines (Samba DCs) into your environment?

Samba4 is also still beta (I think) and has so many weird quirks that it's not worth the hassle (at least right now). It also doesn't currently replicate GPOs to multiple DCs. You may save up front but it will cost you a hell of a lot in time.

We run Samba4 as our AD and it's a pain in the rear end and seems to require a lot of baby sitting.

evol262
Nov 30, 2010
#!/usr/bin/perl

Caged posted:

Give them a quote for roughly what it will cost in your time to figure out how to roll a poor-man's AD instead of a couple of Windows Server licenses. Complete with a side-by-side comparison of what features still won't exist in the DIY version.

If you need to get a quote for "install Samba4, provision with built-in tool, manage with regular AD tools", you're doing something wrong.

The only feature that's notably missing in Samba4 is cross-domain trusts, but since the Samba devs are working hand-in-hand with Microsoft now, there's effectively nothing missing.

This is the wrong tack to take if he knows anything about Samba4, because it won't lose on technical merits here. You need to make a business case.

A c E posted:

Samba4 is also still beta (I think) and has so many weird quirks that it's not worth the hassle (at least right now). It also doesn't currently replicate GPOs to multiple DCs. You may save up front but it will cost you a hell of a lot in time.

We run Samba4 as our AD and it's a pain in the rear end and seems to require a lot of baby sitting.

Samba4 got released a year ago after years of beta. GPO replication is a problem, but a solved one that's trivial to implement.

I'm not recommending Samba4 over AD, but it's not Samba3 NT-style domains anymore, and most of the big technical hurdles are gone.

TWBalls
Apr 16, 2003
My medication never lies

EAT THE EGGS RICOLA posted:

Someone's mad at me because I can't urgently get something off a 8" floppy for them.

I'm not even sure how quickly I'd be able to grab something off of a 3.5" floppy. I have drives, but the majority of our systems don't even have a floppy connector. I do have a USB floppy drive... somewhere.

Thanks Ants
May 21, 2004

#essereFerrari


evol262 posted:

Samba4 got released a year ago after years of beta. GPO replication is a problem, but a solved one that's trivial to implement.

quote:

This HowTo describes a solution for SysVol replication, that is based on rsync. As the nature of this tool, it is unidirectional. This means, files can only be transferred in one direction. That's why for rsync-based SysVol replication, you have to choose one DC, on which you do all modifications (GPO edits, logon script changes, etc.). And all other DCs are retrieving the changes from this host, because modifications on them are overwritten when syncing.
How does that qualify as solved? Hacked around maybe, but it's not fixed.

So really "manage with regular AD tools" means "manage with regular AD tools, with some caveats that if you forget about means your changes will get overridden".

I can see the value in open source but Active Directory is a problem that's been solved and is relatively inexpensive to implement. Doing it the Samba way doesn't gain you anything.
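The caveat raised in this post (edits made on any DC other than the chosen one are overwritten by the one-way sync) can be checked for before a sync runs. The following is an added example, not code from the thread or from the Samba HowTo; the directory layout, the `{GPO-A}`/`{GPO-B}` names and the file contents are constructed, and the "only on replica" case assumes the sync deletes extraneous files.

```python
import hashlib
import os
import tempfile


def _tree(root):
    """Map relative path -> (sha256 digest, mtime) for every file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = (digest, os.path.getmtime(full))
    return out


def sysvol_drift(primary_root, replica_root):
    """Classify differences between the primary DC's SysVol and a replica's copy.

    edited_on_replica: content differs and the replica copy is newer, i.e. a
                       local edit that the next one-way sync will overwrite.
    only_on_replica:   exists only on the replica; lost if the sync removes
                       extraneous files (assumption, e.g. rsync --delete).
    pending:           missing or older on the replica; the sync will fix it.
    """
    primary, replica = _tree(primary_root), _tree(replica_root)
    report = {"edited_on_replica": [], "only_on_replica": [], "pending": []}
    for rel, (digest, mtime) in replica.items():
        if rel not in primary:
            report["only_on_replica"].append(rel)
        elif digest != primary[rel][0]:
            newer = mtime > primary[rel][1]
            report["edited_on_replica" if newer else "pending"].append(rel)
    report["pending"] += [rel for rel in primary if rel not in replica]
    for paths in report.values():
        paths.sort()
    return report


def demo():
    """Build two small constructed SysVol trees and return the drift report."""
    def put(root, rel, text, mtime):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.utime(path, (mtime, mtime))  # fixed timestamps keep the demo stable

    with tempfile.TemporaryDirectory() as tmp:
        dc1 = os.path.join(tmp, "dc1")  # the DC chosen for all modifications
        dc2 = os.path.join(tmp, "dc2")  # a DC that only receives changes
        # GPO edited directly on dc2 after the last sync: will be overwritten.
        put(dc1, "Policies/{GPO-A}/GPT.INI", "Version=3\n", 1000)
        put(dc2, "Policies/{GPO-A}/GPT.INI", "Version=4\n", 2000)
        # GPO updated on dc1, dc2 still has the old copy: normal sync backlog.
        put(dc1, "Policies/{GPO-B}/GPT.INI", "Version=2\n", 3000)
        put(dc2, "Policies/{GPO-B}/GPT.INI", "Version=1\n", 1500)
        # New logon script on dc1 that has not reached dc2 yet.
        put(dc1, "scripts/logon.bat", "net use P: /delete\n", 1000)
        # Script someone created on dc2 only.
        put(dc2, "scripts/printers.bat", "rem local change\n", 2500)
        return sysvol_drift(dc1, dc2)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Anything reported under `edited_on_replica` or `only_on_replica` is a change made on the wrong DC and needs to be copied to the primary before the next sync.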

mewse
May 2, 2006

Powdered Toast Man posted:

How can I convince my boss that in the real world, sometimes Windows is necessary (in our case, we have Windows client machines that aren't going away for various reasons), and trying to kludge something with OpenLDAP or Samba4 to replace Active Directory is a bad idea? :shepface:

If you put Windows in the server room then you have to deal with CALs. Using a cloud provider would be a much better idea than doing some homebrew cowboy poo poo with half baked Linux software

Dilbert As FUCK
Sep 8, 2007

by Cowcaster
Pillbug
Yes but even with the cost windows is still much more efficient and easier to let others maintain.

evol262
Nov 30, 2010
#!/usr/bin/perl

Caged posted:

How does that qualify as solved? Hacked around maybe, but it's not fixed.
This misses the point, which is that the perception of Samba is one of barely-works NT4-style domains plus random LDAP servers, and rsync is orders of magnitude simpler than what it even took to get GPO working in Samba3.

Caged posted:

So really "manage with regular AD tools" means "manage with regular AD tools, with some caveats that if you forget about means your changes will get overridden".
What it really means is "manage with regular AD tools because Samba doesn't have any, but at least you can use AD tools instead of applying random LDIFs from the Samba mailing lists hoping to patch up the lovely functionality of Samba3".

Caged posted:

I can see the value in open source but Active Directory is a problem that's been solved and is relatively inexpensive to implement. Doing it the Samba way doesn't gain you anything.
Again, I'm not recommending Samba over AD. You should absolutely use AD in a Windows shop. Samba4's best use case is "we have a few sales guys who use Windows and I want to manage them". Not "I have a Windows environment and I want to introduce random Linux poo poo for no reason". I'm arguing that people's perception of Samba is years out of date, and that it's going to be extremely difficult to convince someone that wants to use Samba4 and is aware of the limitations (which are SysVol replication and cross-domain trusts) that it's "homebrew cowboy poo poo with half-baked Linux software" (which was Samba3, not Samba4).

stubblyhead
Sep 13, 2007

That is treason, Johnny!

Fun Shoe

dogstile posted:

Yeah I made the mistake of opening up a powershell book in front of the manager and he responded by throwing five tickets in my name. Looks like i'm doing that study thing another time. :shrug:

A good choice all the same, Powershell is a super useful tool, and I wish I'd started using it years before I did.

rolleyes posted:

At this point I feel obliged to remind everyone that YOTJ actually does have an SAclopedia entry:
http://forums.somethingawful.com/dictionary.php?act=3&topicid=2385

Also I would like to mention that although we joke a lot about alcohol abuse, alcoholism is a serious disease. If your drinking is impacting your professional or home life or your health and you still can't stop drinking, please ask for help. There are resources available to help you stop if you can't do it on your own.

Paladine_PSoT
Jan 2, 2010

If you have a problem Yo, I'll solve it

EAT THE EGGS RICOLA posted:

Someone's mad at me because I can't urgently get something off a 8" floppy for them.

Jesus did you give them a referral to the local museum of science and technology?

Sirotan
Oct 17, 2006

Sirotan is a seal.


TWBalls posted:

I'm not even sure how quickly I'd be able to grab something off of a 3.5" floppy. I have drives, but the majority of our systems don't even have a floppy connector. I do have a USB floppy drive... somewhere.

Apparently floppy disk drives are making a bit of a comeback, among...musicians??

https://www.youtube.com/watch?v=Xk_XaJ7gE4Q

Dilbert As FUCK
Sep 8, 2007

by Cowcaster
Pillbug

Sirotan posted:

Apparently floppy disk drives are making a bit of a comeback, among...musicians??

https://www.youtube.com/watch?v=Xk_XaJ7gE4Q

yeah they are pretty cool

https://www.youtube.com/watch?v=2lq34Ob7Gsg

I like the one under my avatar but Daft Punk and Floppy music are made for each other.

Rhymenoserous
May 23, 2008

Paladine_PSoT posted:

Did you ask how the company's commitment will affect your next paycheck?

And the next performance review will state "Not a team player".

Powdered Toast Man posted:

How can I convince my boss that in the real world, sometimes Windows is necessary (in our case, we have Windows client machines that aren't going away for various reasons), and trying to kludge something with OpenLDAP or Samba4 to replace Active Directory is a bad idea? :shepface:

Honestly as someone who started as a Linux guy and moved into NT architecture back when Win2k was "As good as it got" I can't really understand the wild desire to piss on every single commercial offering of everything that ever existed. Active Directory is one of those things I can't really be mad at Microsoft about. Windows 8 UI? Sure. Vista? Why not. Hell I'm down with hating both Exchange and Sharepoint. But AD? That's like hating white socks. There's no point investing the mental effort into it.

Rhymenoserous fucked around with this message at 22:01 on Dec 11, 2013

TWBalls
Apr 16, 2003
My medication never lies

mllaneza posted:

I got a Nortel service tech banned from my site. I was yelling when I made that call. Always a slob, no shower for a week of heavy drinking, smelled exactly as bad as you'd think. And they only agreed to quit sending him out when he put a bad board in our PBX and cost us a bunch of money. Y'know, I usually have those incompetent bastards blocked out of mental roll of incompetent telecom companies. I had almost forgotten Larry.

Good news (for me anyway)! The tech from Nuance screwed up another job on Saturday, which pissed off the Radiology Director, so he called Nuance who then promised to not send this tech anymore. Halle-fuckin'-lujah! Every time this guy showed up, we knew it was going to be at least a 2 day job.

For reference:

TWBalls posted:

Yeah, the Rad. Dir. said that he was getting mad that it seemed like he was having to restart services every other day. Finally, it stopped communicating on the network altogether. They sent a tech to replace the motherboard. The tech somehow botched that. He blames it on the fact that they didn't send a CPU extraction tool so that he could easily swap the processor from the bad motherboard to the new one. After he screwed that up (This processor has a flaw :downs:), the Rad. Dir. had him make the test server the temporary production server. He fumbled his way through that. I just heard that they didn't get out of here until 2AM.

TWBalls
Apr 16, 2003
My medication never lies

Sirotan posted:

Apparently floppy disk drives are making a bit of a comeback, among...musicians??

https://www.youtube.com/watch?v=Xk_XaJ7gE4Q

I've posted a couple of videos of those on Facebook. Pretty neat. Better than going to the dump at least.

Dick Trauma
Nov 30, 2007

God damn it, you've got to be kind.

TWBalls posted:

I've posted a couple of videos of those on Facebook. Pretty neat. Better than going to the dump at least.

I just watched the Ghostbusters one, grinning like a fool. If your early computer days were seasoned with the sounds of floppy drives you'll understand.

TWBalls
Apr 16, 2003
My medication never lies

Dick Trauma posted:

I just watched the Ghostbusters one, grinning like a fool. If your early computer days were seasoned with the sounds of floppy drives you'll understand.

Yup. We had an old Tandy (can't remember the model) that booted off of floppies. We also had old Apple systems at Elementary school that ran on 5.25" floppies that we used to play Number Munchers on. Good times. :)

A c E
Jun 18, 2007

Is this weird? Is this too weird? Do you need to sit down?

Fair enough, we haven't yet set up an rsync task to replicate sysvol and it's a pain being able to manage somemost aspects of AD from within Windows and other things cause problems if you don't use samba-tool. It's not that it doesn't work at all, just causes some headaches sometimes (part of that likely falls on how ancient our main server). We've been using it since beta and have had a lot of issues with winbind on FreeBSD.

Edit: I do agree with everything you've said

evol262 posted:

This misses the point, which is that the perception of Samba is one of barely-works NT4-style domains plus random LDAP servers, and rsync is orders of magnitude simpler than what it even took to get GPO working in Samba3.

What it really means is "manage with regular AD tools because Samba doesn't have any, but at least you can use AD tools instead of applying random LDIFs from the Samba mailing lists hoping to patch up the lovely functionality of Samba3".

Again, I'm not recommending Samba over AD. You should absolutely use AD in a Windows shop. Samba4's best use case is "we have a few sales guys who use Windows and I want to manage them". Not "I have a Windows environment and I want to introduce random Linux poo poo for no reason". I'm arguing that people's perception of Samba is years out of date, and that it's going to be extremely difficult to convince someone that wants to use Samba4 and is aware of the limitations (which are SysVol replication and cross-domain trusts) that it's "homebrew cowboy poo poo with half-baked Linux software" (which was Samba3, not Samba4).

This is us, except it's because we have no IT budget. Though I do prefer FreeBSD or Linux over Windows anything, time and place and all that.

A c E fucked around with this message at 00:02 on Dec 12, 2013

Lord Dudeguy
Sep 17, 2006
[Insert good English here]

A c E posted:

This is us, except it's because we have no IT budget. Though I do prefer FreeBSD or Linux over Windows anything, time and place and all that.

This is us, but the demands are even more granular:

"Build a server that does $service, but you have no budget, it must be regularly patched and we must elect to pay for enterprise support on a moment's notice in case something goes afoul."

Our servers that solve those demands are running Ubuntu 12.04 LTS. :ohdear:

Lord Dudeguy fucked around with this message at 00:47 on Dec 12, 2013

Powdered Toast Man
Jan 25, 2005

TOAST-A-RIFIC!!!
In this case we have around 120 Windows users and are only going to need one DC at the core, a Windows file server, and a combined DC/file server at our second site. We're not talking about a huge licensing cost here, and I already have servers I can use for it so the only cost is licensing, more or less. I think my boss was under the mistaken impression that it was dead simple to just throw out all the Windows servers and replace them with something, anything else because he wants to eradicate them...but he has good reason for that, because the current Windows servers are running Windows 2000. They do need to be replaced, but my opinion is that they should be replaced with...newer Windows servers. I've been loving around with Samba4 and OpenLDAP as two possibilities for a week now and it just doesn't seem practical (for reasons which have already been discussed).

Our budget isn't non-existent, it's just low. It helps that he hasn't spent anything on software in ages, so I think I can probably convince him this is best.

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
After the fetid response of the medcarts given to the long term care facilities (large, cumbersome, paired with ThinLabs all in one units that break constantly), these new carts intended for use in the hospital seemed a lot better. They were meant to replace the COWs, had their own display for dispensing meds, and an onboard battery that could power a PC and monitor. We ended up pairing them with Lenovo M-series which seemed pretty decent despite the demo unit's HDD dying. Then the carts arrived and things started to go wrong.

The carts themselves run Windows CE (:wtf:) and can't connect to hidden SSIDs, so they ended up bridging the carts to the wireless via ICS on the Lenovos. Then the people the cart vendor sent to get everything installed and working discarded the labels on the Lenovos so when they went out to the floors they only had a 33% chance of having their location match up in AD, messing up assigned printers. Of course this necessitated overhead paging IT multiple times, then not answering the extension when we called for whatever reason (CIO didn't look happy and wanted names). Then the nurse managers changed how many were going to each floor and said four were supposed to float between the floors and needed all the printers. And now I just learned two of the carts had their screen lock up; one just had to have the management program restarted, the other is completely frozen and needs to have a fuse pulled in order to reset it. The cart vendor guy is going to show up tomorrow morning before his flight to show us how to do it and if it's anything more complicated than removing a car fuse I'm doing what I did with the LTC carts and running from anything more than token responsibility with these things.

frogbert
Jun 2, 2007

Agrikk posted:

Hah. You know, I hadn't really thought about it like that...

Have you documented it yet? I mean, really documented it?
http://thedailywtf.com/Articles/Very,_Very_Well_Documented.aspx

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


Pissing me off: People who bring in personal routers and give DHCP to 192.168.1.x, and the previous techs who thought making a valid network on 192.168.1.x to manage switches was a GREAT idea, no need for passwords because our network in 10.x.x.x! Thankfully no one seems to have messed with anything but gently caress if I know, now I need to bring up securing this mess.

Best part is this has been an issue on and off for 4 months with people occasionally getting 192.168.1.x IPs but I've only really seen it either right before leaving or right before lunch and IPconfig /release /renew has always fixed it, and is the department's official fix for it. I finally got one early in the day and one where release renew didn't fix it. TELNET has a password so blocking the router's MAC wasn't going to happen so the switch got a new IP for a few minutes while I disabled DHCP on the configured consumer grade router. I still have no idea where the gently caress that thing is located.

Varkk
Apr 17, 2004

Pissing me off, clients who won't make decisions.

We have one client who had a printer die just out of warranty. We gave the boss there the options for repair about $1000, replace with a similar spec printer is about $800, or lease one with a maintenance contract. He has sat on it for about two weeks, saying he will make a decision in the next day or so. In the meantime I get called every couple of days by the person who actually uses the printer days asking what is happening and when I am going to fix her printer.

Qtotonibudinibudet
Nov 7, 2011



Omich poluyobok, skazhi ty narkoman? ya prosto tozhe gde to tam zhivu, mogli by vmeste uyobyvat' narkotiki

pixaal posted:

Pissing me off: People who bring in personal routers and give DHCP to 192.168.1.x, and the previous techs who thought making a valid network on 192.168.1.x to manage switches was a GREAT idea, no need for passwords because our network in 10.x.x.x! Thankfully no one seems to have messed with anything but gently caress if I know, now I need to bring up securing this mess.

Best part is this has been an issue on and off for 4 months with people occasionally getting 192.168.1.x IPs but I've only really seen it either right before leaving or right before lunch and IPconfig /release /renew has always fixed it, and is the department's official fix for it. I finally got one early in the day and one where release renew didn't fix it. TELNET has a password so blocking the router's MAC wasn't going to happen so the switch got a new IP for a few minutes while I disabled DHCP on the configured consumer grade router. I still have no idea where the gently caress that thing is located.

This brings me fond memories of my college helpdesk days and bringing down the wrath of God upon anyone who did this.

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


Varkk posted:

Pissing me off, clients who won't make decisions.

We have one client who had a printer die just out of warranty. We gave the boss there the options for repair about $1000, replace with a similar spec printer is about $800, or lease one with a maintenance contract. He has sat on it for about two weeks, saying he will make a decision in the next day or so. In the meantime I get called every couple of days by the person who actually uses the printer days asking what is happening and when I am going to fix her printer.

Either forward the user's mails to the boss or inform the user, either by email or in private that the boss has options and it's out of your hands and to go bug them. My IT department doesn't buy computers so whenever a user complains about a slow computer (that actually is slow) I try and point them in the right direction, but only if the computer actually is a piece of poo poo.

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Varkk posted:

Pissing me off, clients who won't make decisions.

We have one client who had a printer die just out of warranty. We gave the boss there the options for repair about $1000, replace with a similar spec printer is about $800, or lease one with a maintenance contract. He has sat on it for about two weeks, saying he will make a decision in the next day or so. In the meantime I get called every couple of days by the person who actually uses the printer days asking what is happening and when I am going to fix her printer.

Is there a reason you have not said that you are waiting for her boss to make a decision, and that you cannot proceed until he does?

Varkk
Apr 17, 2004

Oh they know that we are waiting on their boss to make the decision. But still seem to call us to complain. Probably because there isn't much else they can do and at least feel like they are doing something by calling us. We remind them we are waiting on their boss and tell them to give him another nudge for us.

dennyk
Jan 2, 2005

Cheese-Buyer's Remorse

Caged posted:

Give them a quote for roughly what it will cost in your time to figure out how to roll a poor-man's AD instead of a couple of Windows Server licenses.

Money for server licenses shows up in the balance sheet, but the unpaid overtime worked by an exempt employee to try to get (and keep) some free-as-in-beer kludge working doesn't. :pseudo:

evol262
Nov 30, 2010
#!/usr/bin/perl

Promoting a 2000 domain up will be ugly. Best to start fresh with 2k12 or 2k8r2 if you don't want to read a lot of old docs and install deprecated versions of windows (I'm probably wrong, but I'm pretty sure you need to go to 2k3 as an intermediary to modern forests).

OpenLDAP isn't even recommended with Samba4 anymore. It has its own LDAP server and you should use Winbind to talk to it.

Use IPA if you want a non-AD LDAP+KRB5 solution. But just use AD.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




pixaal posted:

Pissing me off: People who bring in personal routers and give DHCP to 192.168.1.x, and the previous techs who thought making a valid network on 192.168.1.x to manage switches was a GREAT idea, no need for passwords because our network in 10.x.x.x! Thankfully no one seems to have messed with anything but gently caress if I know, now I need to bring up securing this mess.

I inherited a network built around 10.2. That's close enough to home network ranges that it makes me twitchy. Start from the top and work down.

ObBOFH Down, not across.

chia
Dec 23, 2005

evol262 posted:

Promoting a 2000 domain up will be ugly. Best to start fresh with 2k12 or 2k8r2 if you don't want to read a lot of old docs and install deprecated versions of windows (I'm probably wrong, but I'm pretty sure you need to go to 2k3 as an intermediary to modern forests).


I agree with you, I've done a 2000->2003->2008->2012 upgrade previously and honestly starting fresh with a 2k12(r2) would've probably been a better choice.

Westie
May 30, 2013



Baboon Simulator
Ah, yes, jQuery UI, the premier UI framework for jQuery.

Cost me and a colleague two days worth of debugging, because of a modal and z-index issues, where issue means one line of CSS.

ffs.

Drighton
Nov 30, 2005

EAT THE EGGS RICOLA posted:

Someone's mad at me because I can't urgently get something off a 8" floppy for them.

We had something similar happen. Luckily I found a place in Houston that would extract the data for us, cost something like $25 per disk.

It never occurred to me that there would only be a few KB of data on it, or that it would be in text format. Actually, I was thinking the company's IT department was tasked with sending us this data and decided to play a prank. But, no, they just sent us original copies of some payroll records from the 80s. I wonder if that project manager actually found use for that data.

chia
Dec 23, 2005
poo poo pissing me off currently: I need to find out if a certain AD user account is being used anywhere in the domain to run a service or anything, so I can change the password/disable the account without poo poo breaking.

Anyone have a software for this? I vaguely remember someone mentioning something like this but can't find it.


Lum
Aug 13, 2003

evol262 posted:

Use IPA if you want a non-AD LDAP+KRB5 solution.

Agreed:
