Back in line, maggot!

Just spent about 8 of the last 13 hours converting an NT4 domain to a Samba3 domain using LDAP as a SAM backend (to store machine and user accounts). It would’ve been much simpler if not for a bug in smbldap-tools (which didn’t add the “sambaSamAccount” objectClass to the machine accounts, in turn breaking the net rpc vampire process). Part of the issue is that there’s so little in the way of google-able documentation, if something breaks and you aren’t already very familiar with the way NT4 domains handle machine accounts and/or how Samba does the PDC dance, it gets ugly fast.

Some other quirks (like machines consistently not joining the domain the first time, but properly joining the second time [??]) kinda suck, but hopefully they’ll get ironed out in time for Samba-4, when they get to throw everything out and enter the 9th circle of ActiveDirectory Hell. Microsoft’s “Roaming Profiles” 5uXX0r as well, taking about 40-seconds the first time you login to a machine, and another minute the first time you log out. I wonder what it could possibly be doing for that 40-60 seconds, personally — since the files themselves are only 16M, it’s looking like either Samba is really slow (unlikely), or there’s some kind of ugly timeout going on. Junk to investigate tonight, I guess.

I also got a Trek 7100 “hybrid” (granny/commuter) bike yesterday. It’s light enough for my lazy self to drag up the stairs to my apartment, though I haven’t ridden since I was a kid. I’ve already wiped out once (thanks to a freshly trimmed rut alongside a sidewalk), and my legs were getting a little heated by the end of the trip home after work (which is evidence more of my total out-of-shapeness than the bike).

Anyhow, having been awake for so long and then wasting so many hours wrestling with my three favorite technologies (NT domains, LDAP, and Samba), I will now sleep until tonight… Or until I get called in to the office because my boss used a non-standard password for the big-boss’ computer’s local-admin account, preventing me from getting it back on the domain. Whichever comes first…