I’ve finally given up on trying to use Samba as a primary domain controller (PDC). After spending many, many hours trying to configure Samba to work with OpenLDAP, as well as many posts on the LinuxQuestions forums, I have still not solved the problem. The frustrating thing is that I’m pretty sure that someone with loads of experience in managing this kind of system could solve it in 5 minutes.
So now I am moving to Microsoft Active Directory (AD). Good idea? Probably not, but then again, I did manage to get the domain up and running in a morning. This, however, caused a couple of problems:
- When installing Active Directory, Windows locks down everything on the server in order to prevent unauthorized use of the applications installed on it. The idea here is that only administrators should be able to log on as a local user of the server box. This however has had the unfortunate consequence that SharePoint no longer works. According to the error log, the SQL server cannot be contacted. Arg! Now I have to troubleshoot the SQL server.
- Active Directory relies heavily on DNS and the recommended solution is to install a DNS server on the AD box and let it use that instead of the normal DNS server. This necessitated the removal and re-installation of AD, this time installing a local DNS server and configuring it to work together with AD. I started an hour and a half ago and I was still waiting for DNS to be configured (see screenshot below).
Well, it’s a good job I decided to write this because I noticed another little task bar item requesting insertion of the Windows CD. WTF didn’t this pop up? WTF did it simply appear minimized to the taskbar? /swearswindowsloudly
So now I’m on my way again. AD and DNS are installed and the server is restarting. Now I need to configure:
- DNS (must reference DNS server running on firewall)
- AD (myself as dummy user, I must be able to log on to the domain)
- Terminal Server (change group security policy)
- SharePoint (fix SQL error although I have no idea how)
- Samba (to share home directories on Linux server)
- OpenLDAP (must talk to AD to authenticate Linux boxes)
And then, finally, I must rewrite all my how-tos to take account of the new configuration.