OT : Good XP Domain Admin book?

Each to their own - black is the best colour ;-)

 

Apparenlty not their strong point ;-)

 

dwb? He'z just ziz guy, you know?

Thats bollocks.

They wanted an excellent s/w engineer who can maintain their small
network as needed.

Thats what they've got.

 

dwb? He'z just ziz guy, you know?

In the process of. If the management have no IT knowledge they've got
to trust the person they employed to do the job, who has got to do
everything with, as you say, the best interests of the company in mind.

Why? You think I'm going to employ somebody else to maintain it?

'Customised'? Standard apps, standard setup.

Its not a case of just buying more licenses, it needs a lot of time
sorting out all its problems, and it'd be quicker (from the POV of the
administrators, i.e. me) to build a new system based on *nix. And
saving time saves the company money.

Let me reverse the question, if you got an IT network admin job at a
company, who were having big problems with their network and servers,
and you had the choice of building new servers based on the platform
you knew, or trying to sort out the existing problems, and still having
to replace the old hardware, which is the more efficient and cost
effective method?

 

Phil Launchbury scribbled:

Having had a quick look, the only machine with DNS is the gateway.

They're all using Net BIOS.

Hmm, rather use static IPs.

Ah, yes that'd work.

I'll try that Monday night when everyone else has stopped using their
machines.

Cheers.

 

You do talk some sanctimonious bollocks sometimes.

 

Well it sounds pretty good reasoning to me on this occasion.

Something that works out of the box that any administrator could manage
doesn't cause a problem when the admin fucks off or takes holiday.

Something that's developed as a one-off is a *real* pain to manage
especially if it isn't properly documented.

 

scribbled:

Read my other posts, its got many issues. I haven't got the time to
spend ages finding and fixing them all.

How is it a "one off"? Standard Suse install, using the packages that
it comes with, set up in a way that any admin who knows *nix servers is
familiar with.

I suspect you & Dan don't know enough about *nix.

 

Quite.

But I couldn't be arsed to say it.

 

I'm not sure I agree that's the reason you didn't say it.

 

Disaster no.1

NETBIOS over IP or real-traditional-non-routable NETBIOS?

Original NETBIOS was not routable, could only see it's own subnet
(which is why WINS was invented) and generally sucked.

Don't. You can assign IPs to MAC addresses if you need things to be
static.

Phil

 

Nope. In my personal opinion and experience I have seen as many
disasters set up by people using stuff that 'just works out of the box'
as the other. Here being a case in point - our AD was set up by someone
who had picked it up as he went along without actually understanding
the principle behind AD. As a result there were machines that had to be
accessed by raw IP address becuase their names couldn't be resolved
internally, each of the AD masters could only talk to one of the other
three masters and the AD directory itself was corrupted.

It does. Trust me on this. Letting non-trained people make admin changes
is a receipe for disaster even when the software 'just lets them do
it'. Like deleting the Enterprise Admins group out of AD (and yes - I
have seen it done). Just becuase it's 'easy to do' doesn't mean that
people who don't know what they are doing should do it!

I repeat - you obviously know nothing about Linux, Samba or the tools
used to manage both. There are ways of setting them up that allow
simple tasks (adding users, changing passwords - that kind of thing) to
be automated and easy to do.

Phil

 

Phil Launchbury scribbled:

Two servers, two subnets.

Server one is a bridge between the subnets and also the file server.

Server two handles email, firewall and routing to t'internet, DNS,
Active Directory, SQL Server.

The local networks domain seems to be configured completely wrong.

In the big bad world they have

www.domain.co.uk has IP A and is a virtual host.

wibble.domain.co.uk has IP B which is the external IP of server two.

mail.domain.co.uk is an alias for IP B and is the main MX handler for
www.domain.co.uk

Thats all fine.

All machines on the LAN are hidden behind a NAT.

The local domain is called wibble.domain.co.uk, which is where the
problem lies I think.

On all local machines, if you ping server one or two it comes back with
the external IP of server two. Seems to be routing all traffic to
server two, to its external interface, and then back to where its
supposed to be going too.

I can see why its doing it. The client adds the suffix
wibble.domain.co.uk to the name its trying to access, and since its a
real world IP it gets sent WAN wards, and then back in.

I'm not sure if the packets are getting turned round in server B or at
the ISP, but wherever it doesn't keep connections open for long and
drive shares and printers disappear / become unavailable.

Just have to rename the whole domain to something completely unrelated
to real world hostnames, like 'localdomain'.

I can't actually see why they've got two subnets anyway. A decent
gigabit switch will ensure heavy traffic is routed between the host
machine and the file server, so thats not a problem.

Over IP. 2000 and XP don't have traditional NetBIOS, even MS knew it
was crap!

I'll put it somewhere at the bottom of my list

 

You've not read up on how active directory works yet, have you?

Remember what people said about if it had been set up wrongly it could
be a pain in the arse, well, it's been set up wrongly.

Good practice would have been to use a subnet of the real public domain
for the internal systems, in an intranet.xxxxxx.co.uk style. Then that
subdomain can be managed by the AD DNS server, whilst it's parent sits
on public DNS as you'd expect.

I'd suggest you do some reading before you change stuff, start with how
active directory does domain and catalog lookups.

 

ginge scribbled:

Difficult without a book.

GINGE!

Well they appeared to sort of try to do that, but went wrong.

I think.

**** knows. Gimme linux and text config files anyday.

I would have if PC Wank had any books in stock, but they had naff all,
so its mail order. And a few days.

 

I think that he and Dan are spot on.

Fucking IT nerds are only interested in the technology. Listen up -
you exist to support the business, not the other way round.

 

Mott?

 

Maybe you need to hire someone that understands the exchange server for
a couple of weeks.

If it's really this straightforward then fine. It just didn't sound
that straight forward and my (very limited) experience of linux
distributions suggested to me it wasn't.

Oh, I don't claim to know about OSs or software in any great detail.

I do know what happens when you rely on software that's written badly
and poorly documented; you end up paying someone else to write it again.

 

scribbled:

Good idea but they haven't got enough mooney to buy me a decent TFT
monitor, so its a no go for ages, and by that time i'll have got a
handle on it.

With the distributions you can get now, you choose the "server" package
to install, and then configure the parts you want.

If you don't need them you turn them off, there's almost no interaction
between them so you can just turn on the services one by one, and fine
tune the config until its working well, and move onto the next.

There's no 'code' being written, its all been done, and is in heavy use
throughout the world, with thousands of coders fixing bugs 5 seconds
after they're found

No such need with the server apps. They've been around for decades,
revised every now and then, but stable as houses.

Of course, just like any server on any OS, poor configuration can screw
up anything.

And as I've said, I'm new to the MS server stuff, and I don't want to
learn on a live system (apart from the fact I can allocate about minus
25% of my time to administration).

I've figured out a workaround for the mis-configured Active Directory
which will keep everyone happy in the meantime. I'll just wait for my
MS server books to arrive, learn from them, survey what the company
actually needs and devise the best solution.

 

Ben Blaney scribbled:

Interesting.

So you suggest I should stop developing the app that the company relies
on 100%, so I can get everyones PCs working nicely, so they can email
out the redundancy notices and surf JobSite?

Strange notion of supporting the business.

You suprise me, I took you for someone who could figure out priorities.