I’m here at work on Saturday morning, waiting for Windows to reboot again. After struggling all week to get a working domain and fix the software that Active Directory (AD) broke when I installed it, I have achieved the following:
- Removed SQL server (I hope). This was incredibly messy and I ended up using a tool called “Windows Install Cleanup” available from Microsoft. Installing AD after SQL server totally f¤#%!”¤ SQL because AD changes the users and groups and SQL ends up without a valid user.
- Installed and configured a Kerberos Key Distribution Centre (KDC) on the Linux server. I have not actually ‘kerberized’ any applications yet. I can’t even seem to get the PAM module on the server working with Kerberos even though the configuration file looks correct according to the example. I won’t uninstall this; I will simply leave it until I need it. One day maybe I will achieve a single sign-on IT environment, but not today.
- Totally and completely f/&¤¤!% Windows. I even tried changing the permissions of all directories to allow everyone access to them to see if I could uninstall SQL and not even this worked.
So now I need to be philosophical about this. I must say that my brother provided a tremendous amount of help even if it didn’t end up in a viable solution. Yes, it would be ideal to not use Microsoft at all and to use only Kerberos, LDAP and Samba, but this isn’t going to happen in the amount of time I have available. By the way, if Linux, Apache, MySQL and PHP is called a LAMP stack, why not call Linux, Kerberos, LDAP and Samba an LKLS stack (pronounced el-kills)?
The reality of the situation is that I am not a SysAdmin by profession. I am an aeronautical engineer who is learning as he goes along (often the hard way, as this last week proves). My boss gives me 4 hours a week for sysadmin maintenance work, and my colleague and I get 160 hours a year (between us) to develop improvements to the IT environment (such as the domain and single sign-on I am currently trying to set up and improvements to the time sheet software my colleague has written).
- Format the Windows box and reinstall. Unfortunately I have no other option here.
- Set up domain controller, DNS and certificate services in that order.
- Set up the terminal server role.
- Set up MS Office 2007.
- Set up Office Sharepoint 2007.
- Set up Bacula backup system.
Hopefully, installing AD first will make sure that everything has the correct users and groups. I will then have an IT environment with two user databases: one Linux-based LDAP server and one AD server. LDAP will serve Linux boxes and AD will serve Windows boxes. Hopefully both will use the same home directory, although the Windows roaming profile will be stored on the Windows server.
I’ve got to get this done by the end of the weekend so I’m just finishing the backups and here goes…