#ubuntu-directory 2007-04-16
<robertj> ajmitch: I told you a lie, the new blessed way to specify OU when joining the domain is net ads join createcomputer=SubOU
<robertj> http://en.pastebin.ca/443477 makes it fairly happyish
<ajmitch> ah, you've got the latest branch, good
<ajmitch> thanks for that
<robertj> now it stops at mismatched workgroup
<robertj> is it kosher to put that in params since it really doesn't go in smb.conf?
<ajmitch> problem is that there should be a flag for AD/non-AD, and sticking values into the smb.conf & pam based on that
<robertj> non AD smb you mean or non AD winbind?
<ajmitch> non-ad winbind
<ajmitch> which probably won't often be used
* robertj goes to pick up wife & go home
<robertj> bbl
#ubuntu-directory 2007-04-18
<robertj> hrmm getting Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials on net ads join on Fesity but Edgy works fine
<robertj> hrmm it appears that the FQDN must be present in /etc/hosts
<robertj> ajmitch: is there any sane way to get a rlookup & get it in there automagically?
#ubuntu-directory 2007-04-22
<kgoetz> does this team have a wiki page or something? the Lp page isnt very... verbose
<Burgundavia> not really
<Burgundavia> why do you ask?
<kgoetz> i was wondering what the teams purpose is - is it help or working on directory services for ubuntu?
<kgoetz> i may need to deploy a few systesm authing against an ldap databse (or an arangement like that), i was wodering if this was a place to look
<Burgundavia> we are both help and dev
<Burgundavia> most of us have deployed ldap systems and some of us are working on making it easier
<Burgundavia> ajmitch has an almost complete auth tool that will allow easy ldap auth
<ajmitch> apparantly in production use even
<kgoetz> hm. neat.
<ajmitch> plus there's various server stuff
<kgoetz> ok
<kgoetz> not really much further on, apart from knowing ajmitch is the person to wath ;0
<ajmitch> :P
<kgoetz> *watch
<kgoetz> :p
<ajmitch> why me, I'm just another spare time hacker
<Burgundavia> kgoetz: the guide on the wiki at https://help.ubuntu.com/community/LDAPClientAuthentication has been well tested
<kgoetz> Burgundavia: thanks for that.
<kgoetz> ajmitch: you got named :P
<ajmitch> lucky me
<kgoetz> ah, and it links to the server setup page. nice
<kgoetz> i'im sure i'll have a chance to try it out some time. thanks again
<Burgundavia> that I need to rewrite at some point
* ajmitch needs to do some work on this stuff at some point
<Burgundavia> the authtool doing completely cached stuff will rock
<ajmitch> yeah, it should do that
<Burgundavia> colour me wrong, but doesn't default openldap pass auth data unencrypted?
<ajmitch> connect with ssl
<Burgundavia> right
<Burgundavia> which I would need to configure?
<Burgundavia> can we make fds only allow ssl connections?
<ajmitch> it could be possible
<Burgundavia> from the security perspective, if authtool does ssl by default and fds only allows it, we have a win
<ajmitch> yep
