Antivirus in FC3?

Craig White craigwhite at azapple.com
Thu Mar 24 03:02:12 UTC 2005 

On Wed, 2005-03-23 at 20:12 -0600, Paul wrote:
> On Wed, 2005-03-23 at 18:17 -0600, Les Mikesell wrote:
> > On Tue, 2005-03-22 at 23:50, Paul wrote:
> > > Well they vary from small (a few hundred) to large (hundreds of
> > > thousands of entries).  I'm thinking of the smaller side of the spectrum
> > > where you are dealing with a fairly flat structure.  I believe that SELS
> > > 9 includes a plugin to Yast to do that.
> > 
> > The LDAP database everyone who doesn't already have one wants would have
> > PosixAccount and SambaAccount schemas set up so you make one entry and
> > change your password in one place and you can log in to any Linux/Unix
> > box on the net and also use it as your Windows domain controller with
> > same login/passwords.  Nice, but less essential would be the addressbook
> > entries that work with Outlook and other MUA's, and the email delivery
> > entries that work with sendmail to allow distributed mailboxes.  Isn't
> > this stuff close enough to a standard that it could work out of the box?
> > That is, have a checkbox item to make a machine an LDAP server like the
> > one to make it a client.
> 
> I agree it should be pretty much like that ... launch a wizard, input
> the base dn, check to see if samba is installed and ask if you want it
> to use OpenLDAP for authentication and if it is the primary or backup
> domain controller update the smb.conf and have it populate a basic tree.
> 
> SuSE Enterprise 9 supposedly has that functionality with a yast
> plugin ... I have not had a chance play with SELS 9 yet.
> 
> Fedora should have something like system-config-ldap would be nice to
> have to make RH/Fedora better for small organizations with a part-time
> or single person IT staff.
> 
> I've looked at several GUI tools to manage OpenLDAP, but they are either
> too generic or not maintainted and don't support Samba 3 schema or have
> stability issues.
----
lam
http://sourceforge.net/projects/lam

webmin
http://www.webmin.com

personally - I use Webmin...of course, the initial LDAP setup is manual
but once structure is in place, I can channel all interaction (manage
user accounts, groups etc. for Posix and Samba accounts, even create
user addressbooks, free/busy URL's etc. in LDAP DSA

This is the second time you mentioned SELS 9 but I've always seen it
stated as SLES 9 (SuSE Linux Enterprise Server) - just checking if you
are referring to the same thing

Often discussed (and I get yelled at by John Terpstra - maintainer of
Samba Documentation) on the samba at lists.samba.org mail list

Concept is turnkey LDAP/Samba - they use the IDEALX scripts - no doubt
that SLES 9 is using some implementation of them. 

It all sounds real good but you end up with administrators that aren't
entirely certain what LDAP is, how to maintain it, how to fix it, how to
secure it and how to get other applications to work with it. People are
pulling their hair out trying to get it to work before they understand
the first thing about LDAP.

My own personal favorite question/answer goes like this...
Q) how come I can't get XXXX application to work with LDAP?
A) what happens when you use that information in cli - ldapsearch ...
Q) I have gotten that to work for me

The questions from the users on that list are really really ugly - they
are trying to set up LDAP and samba at the same time and they haven't
the first clue where the setup problems of one begins and the other one
ends.

I can see your point though - the need to have network administration by
dummies - those that don't know the technologies, the security
implications, can't troubleshoot and can't even articulate a question
that describes the problem that they are having...only that they know it
isn't working. I guess I'm happy believing that Microsoft had this niche
well served. I can see the motivation for Novell/SuSE to make a grab for
this market though.

Watching the masses turn off SELinux on this list because they don't get
it should be a clue as to how well a Samba/LDAP turnkey solution is
going to go over...lots of angst hurled in every direction.

Craig

More information about the fedora-list mailing list