They obviously do not know windows either ..., otherwise they would not need his/her help. So your argument does not really stand.

I have succesfully used libpst (http://www.five-ten-sg.com/libpst/) to import pst files. I cannot remembeer since when, but longer than one year ago at least.

So this was already possible (and not thanks to them, by the way).

Well, I am no native speaker so I had to google what you meant about 'twat'.

I was quoting your remark about how "unusual" registry editing was in windows and you start calling me names. I guess that says it all about you and your 'arguments'.

I will repeat it (you just try to read it slowly so that your synaptic pathways do not get damaged in the meantime): if you use windows, you edit the registry all the time (even if you do not know that you do so).

Did you survive it? Good for you.

Have a nice day you too.

I know your reaction was knee-jerk, but just in case you didn't know, unix machines can also be configured by policy (cfengine/puppet) and single sign ons originated in the unix world (kerberos). The freeipa project http://freeipa.org/ already has a working nice kerberos+ldap solution with integrated multimaster replication and quite easy to set-up (version 1.2, if I recall correctly). Version 2 will come shortly and it will be even easier). I know, I know, first I have to see it.

You can now join linux/solaris clients to a freeipa kerberos domain in a very similar way as to how you join a window machine to a windows domain. You have delegation of tasks for junior staff and it just works. Why has it taken so long? Good question, ask the big linux players (google, ibm) why they were not interested in this. Red Hat started it and they are actively developing it right now.

It takes time, but good stuff happens eventually.

http://lmgtfy.org/?q=gnome+lock-down

I am sure there is something similar for other desktop environments. Just use this info with cfengine/puppet and off you go.

Apparently the freeipa (http://freeipa.org) project are busy with something really integrated for policy settings, it should be soon ready (the authorization stuff is already there, so no nis for me thankyouverymuch).

The big difference is that Registry editing is extremely uncommon in Windows. Trawling through textfiles in Linux (or BSD) is - ironically - something you're almost certainly going to have to do as soon as you step off the narrow path of basic setup and usage.

I beg to differ. As a windows/linux/esx sysadmin I edit the registry of the windows machines on a daily basis.

The registry is the configuration system of windows, so even if you are clicking bottoms, the settings will be saved in hives. My point is: even if you do not know it, if you use windows, you edit the registry with nearly every mouse click.

Manufacturers bring out "updates" to fix problems that are in fact just modifiying a few registry keys. But users can apparently not use regedit to do that, so companies bring a hotfix out with autoit as an executable to just change the value of a key. The customer just clicks on the installer and follows a wizard, that is what he/she is used to.

obviously mean http://ftp.isc.org/www/bind/arm95/man.named-checkzone.html

Didn't they use something like this before reloading the zone? If the mistake was a missing '.' it should've given you big warnings ...

http://ftp.isc.org/www/bind/arm95/man.named-checkconf.html

Where I work I frequently use the cli to automate windows servers. You should try it, it may surprise you that it works pretty well.

As to file permissions in samba shares, maybe you should learn about sticky bits for group permissions.

It is also worth noting that ntfs acls are not the same as posix acls; even then, using a management system as cfengine would ensure that the permissions in the shares would be correct without the admins' intervention once the system is setup. No need to login to the server to change a permission. You use group policy for your windows clients and servers, use unix policies for your unix clients and servers then :-) (cfengine, puppet, chef, choose your poison).

As to your mention that the 2008 r2 server merely joined the domain, sorry, you misread the article:

So basically, the 2008 r2 server became a domain controller inside a samba 4 domain. It replicated the database. Sure, it is not production ready *yet*. There are sites running it in production though (with some 300 clients, if I recall correctly). It is getting there. Sooner than you think now ;-)

Your point about usermapping is completely irrelevant, by the way. If you install s4 now you just join a winxp to the domain with its adminpak and manipulate users from dsa.msc or the dstools. What's the problem then? Most admins will never know they are talking to a linux domain controller.

If MS 'patches' something that horribly breaks samba, chances are they will break something that horribly breaks win2k3 ;-)

That's a good way of making friends in a lot of places :-)

My point exactly. Too bad I do not have mod points :)

Asset Tracker is a great project. Yes, it is a bit of a 'pain' to set up, but so is any asset tracking software. At work we have had a consultant at least 3 weeks working intensively with one of our team to get another solution installed. That is 3 weeks consultant's salary plus 3 weeks salary of one of the team. The other solution sucks, but hey, it costs a lot of money and it is 'supported'.

Asset Tracker lets you build your solution just like you have to do with other packages. But it costs you nothing if you do it yourself. If you already have a working knowlegde of how Request Tracker works, it should not cost you a lot of time to have it working.

I am writing some documentation on how to install Asset Tracker and configure it. It will be released shortly, but I have no fixed deadlines (this is on my own time).

At work we have a free nx server (so the 'difficult' one to install, that is) for a quite a few thin clients. At this moment it is not particularly busy and we have 11 users (this is a browsing server, the thin clients only start firefox as a kiosk in the nx server).

I have no experience with zimbra, but zarafa really is an exchange substitute. The webaccess is amazing (working perfectly in firefox or other browsers), you can open several mailboxes in the web ui, it has push email that works with all active-sync devices and it really works as outlook users expect. It is opensource (AGPL) and they offer rpm, debs and sources.

They have great documentation, great support and as a whole, great product.

For hosters it is a killer too, you can set it up for multiple companies, each one with their own global address book.

You can store attachements in the file system instead of in the database (mysql). In their 'community' edition you even get 3 simultanous outlook users if you want that. But why would you want outlook if you don't have roadwarriors? If you do, then yes, you may need it.

Oh yes, before I forget, another great feature is the 'restore' button. Users can 'undelete' their deleted items (even from the trashbin!) up to 30 days after deleting them (all is configurable, period can be shorte or longer). Admins even have access to the deleted mailboxes of people whose accounts have been terminated for a similar period of time, so no need to dig up tapes anymore.

As a whole, great (opensource) software.

I can recommend this book (it uses cfengine extensively): Automating Linux and Unix System Administration, Second Edition

gimme a break :)

you've obviously never done tech support for office people. Very smart guys and girls, who have studied long years and still use winword.exe to browse their filesystem (you will notice when they call you panicking because all their files are gone: yes, they try opening excel sheets from winword and if you do not choose show all files, only word files are shown then).

So do not give me that crap. Users know very little about computers or applications (which is also the reason most IT guys and girls have jobs).

They just know winword = typewriter that can print documents after checking the spelling; oulook = something to send/open silly powerpoint attachments with; excel = for when they need printing something with a table in it. This caracterizes 99% of all their business needs. The other 1% is usually a webapp or with the company's database application.

Do you really think those people need ms office in their netbooks. Of course not. They just want to have what they use at work. So if at work they start using openoffice.org ...