(OT) Re: Unity ROCKS!!!

[Tom H]

On Sat, May 7, 2011 at 12:19 PM, Liam Proven <lproven at gmail.com> wrote:
> On 3 May 2011 22:19, Tom H <tomh0665 at gmail.com> wrote:
>> On Tue, May 3, 2011 at 12:47 PM, Liam Proven <lproven at gmail.com> wrote:
>>
>>> For Linux, it's an ssh session or VNC if you're lucky and that's about
>>> it. There is no standard Linux equivalent to domains or Active
>>> Directory. No, LDAP is not a replacement, any more than a pair of
>>> roller skates is a replacement for the Shinkansen bullet train.
>>
>> Aren't you exaggerating a little? :)
>
> Actually, no, I'm not. I am learning ActiveDirectory for a new job and
> it is so far away from anything I've seen on FOSS systems it's untrue.
> It's like a copy of vi from 1985 up against Adobe InDesign.
>
>> We've got LDAP running for a few thousand Solaris and Linux boxes.
>> We've had NIS and NIS+ in the past...
>
> That's great for you. Really. I'd quite like to know how to do it.
>
> Now, tell me, how can I use LDAP to deploy IE8, Office 2010 and 46
> other apps to 15,000 heterogenous machines running 3 OSs across 5
> countries? By the way, while you're at it, I'd like a full inventory
> of all those machines, detailing the OS versions, patch levels, how
> much RAM and what make & model of CPU they have, and I'd like to be
> able to tell who is logged in and set their login scripts, and I'd
> like to take control of their desktops. I'd also like to filter their
> email and redirect it to their mobile phones and set access controls
> on the phones.
>
> Can you do that with LDAP? :¬)
>
>>> Linux needs more and better ready-to-use server distros, as opposed to
>>> a DIY toolkit to built your own server from scratch such as Ubuntu
>>> Server, and then it needs some compelling management tools for running
>>> a whole network of Linux clients attached to said server in an easy,
>>> point-and-click fashion.
>>
>> I agree that LDAP's a pain to set up but I don't run any server with a
>> GUI so point-n-click wouldn't be of any use to me or to any company
>> where I'm working or have worked.
>
> From choice, I wouldn't, but actually, in practice, I think businesses
> need something that just works, which every software vendor supports
> without question and for which they can hire cheap, untrained staff to
> manage.
>
>> Likewise and Centrify offer LDAP solutions but I've never used them so
>> I neither know whether they're GUI- or CLI-based nor whether they're
>> ready-to-go out of the box.
>>
>> Apple has a very good and easy LDAP setup on OS X Server so it should
>> be possible to create something similar on Linux.
>
> I am not sure LDAP is relevant at all, actually. I think it's more a
> question of: "look, here is an all-in-one ready-to-run server distro."
>
> [Think SME Server here. Install, set hostname and user names, it's
> working. *No* configuration. *That* is what's needed. Like Ubuntu
> Desktop, in other words. You put it on, enter a password, you're in
> business.]
>
> "Now, we need to add a second server in our branch office. All emails
> must be able to be set to go to either and anyone can log in at either
> office. We don't care how it works, we point Server #2 at Server #1
> and it Just Works, end of story."
>
> No talking what technology - it has to just plug in and go, in 2min,
> with no more setup and config than putting the FQDN of Server #1 into
> Server #2.
>
>>> Active Directory is extremely complex and quite hard to learn - I
>>> speak from experience as someone who is currently studying it. It
>>> should not be impossible to come up with something easier and more
>>> accessible to offer as an alternative to it to manage a company full
>>> of Linux workstations.
>>
>> AD's not that difficult! (I speak as a former Win sysadmin who,
>> thankfully, hasn't had to be even a part-time Win sysadmin since
>> 2003.) It has very extensive options - and probably far more now than
>> when I admin'd it - but a basic setup is a simple enough endeavour.
>
> It's grown. A lot. Windows Server is now on 2008 R2 and Exchange on
> 2010. Some stuff is easier, some, sadly, is harder.
>
> After 22y of server admin experience across a dozen platforms, and a
> month's hard study, I failed the basic exam in W2K8 server
> infrastructure with 60% of the pass mark. It's complicated, believe
> me.

If you mean that AD has a GUI and LDAP/Kerberos doesn't (AFAIK), then
you could, with some imagination, compare them to InDesign and vi
respectively. :) Although I'm told that Exchange 2010 has CLI options
that aren't available in the GUi so Microsoft is backtracking somewhat
on its "exclusively GUI" approach.

We only manage servers through LDAP; we have Windows on our desktops,
managed through AD by other teams.

Someone proposed a while ago to have our box inventory in LDAP; I'm
not sure what happened but it must've been shelved because we already
have two full databases with all that information and one with less
extensive information accessible through our web browsers or at the
CLI.

I haven't admin'd AD since 2003 and Win2k but I'm sure that setting up
a AD with twenty servers and 200 users and workstations is easier now
than it was then. More complex setups must now be easier to create and
administer but I'm sure that you can create even more complex setups
now.

I have many Solaris 2.6-7-8-9 certifications and I have WinNT4 and
Win2k MCSEs (with extra MCPs). I don't think that I would've passed
any of those exams without reading the relevant Sun and Microsoft
documentation/books first.

I've never used SME Server but I get what you mean and am surprised
that Canonical isn't publishing such a product. As I said before, if
Apple can do it with OS X Server and based on open source
applications, one of the big distributions should be able to offer
this too.