The ever-shifting New England weather is making me feel like a hockey puck in the closing minutes of the third period: pounded. My head is stuffy and throat is sore. All I want to do is sleep. Focusing on writing, reading, and even answering the phone at work feels like a Herculean task.
Beyond the bitching, this weekend I snagged some decent albums over at emusic: Colette & DJ Heather’s House of Om, Dieselboy’s The Human Resource, and John Digweed’s Transitions. Epic length for certain with both House of Om and The Human Resource checking in at around thirty-two tracks apiece but Digweed’s is a seventy-four minute continuous mix encapsulated in a subscription friendly single track. I’m hoping to tackle some for Candied Pop this week, though my review backlog is huge because I’m a dangerous combination of lazy and unfocused.
Pass the tissues, please.
When I was a kid Saturday mornings meant cartoons from 6 to 11 a ritual that disappeared around the time I entered high school. Well, PenguinTV has brought it back as Saturday mornings are the only time when it is quiet enough for me to catch up on my feeds, all 21 of them!
- Ask A Ninja (rss)
- Channel Frederator (rss)
- Cinematech (rss)
- Cinematech: Nocturnal Emissions (rss)
- commandN (rss)
- DVblog (rss)
- GeekBrief.TV (rss)
- Geekdrome (rss)
- Geek Entertainment TV (rss)
- Hope Is Emo (rss)
- Human Dog (rss)
- Jet Set Show (rss)
- MediaRights (rss)
- Rocketboom (rss)
- Telemusicvision (rss)
- TERRA Nature (rss)
- the show with zefrank (rss)
- The Traveling Morans (rss)
- The Wubbcast (rss)
- World Tales (rss)
- X-Play (rss)
Here’s the OPML if you just want them all!
From the eWEEK post Vista vs. Ubuntu? comes this spot on comment: “you are comparing Windows to Penguins. One is a static inanimate object with no hope of ever being anything other than a portal to someone else’s pocket. The other is an organic structure which is born out of humanity’s good will.” Love. It.
Done (thanks to this thread).
#sudo nano /etc/mail/sendmail.cf
search for DS
# “Smart” relay host (may be null)
DSfoo.domain.bar [Note! There is no space between DS and the domain.)
#sudo /etc/init.d/sendmail restart
Now I can spend my time playing with Joomla!
By now, if your still reading, you might be bored to tears with the topic but I made some serious headway today. I’ve got ACLs working so that a Windows user can set permissions and take ownership of folders and files. This was stupid easy by adding acl to fstab:
/dev/hda1 / ext3 defaults,errors=remount-ro,acl 0 1
Yup, that easy. The only outstanding thing is granting sudo rights to AD groups, I can to individuals but oddly not groups. Need to figure that one out.
So by this afternoon I had a fully functioning file/web/database server that has joined a Windows domain. Last on the list, beyond sudo, is getting Sendmail to rely mail to the Exchange server so that our web apps are fully functional. I am fairly certain I can find a work around tomorrow to get that going.
Nap time.
One of the key things that was missed in the HOWTO I linked yesterday was enumeration of users and groups by winbind. If you do not have this set to ‘yes’ than you’ll be gnashing your teeth in frustration trying to set up shares with Active Directory permissions. Check it out:
smb.conf–>
[global]
# Changes
security = ADS
netbios name = linux-foo
realm = bkm.com
password server = ADS.foo.bar
workgroup = FOO
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no
Wth that set you should be able to run getent group and see both the local groups as well as the AD groups which will then allow you to set AD permissions in the Samba share:
smb.conf–>
[Foo-Public]
comment = Foo Public Directory
read only = no
browseable = yes
path = /shares/public
users = @”FOO+Domain Users”
At the moment I have it semi-granular rights working in that everyone can browse the shares but only certain groups possess Read-Write-Execute rights. If I switch browseable = no than people just need to know the location of the share to get to it, i.e. security through obfuscation. So the challenge that remains now is to use the ACLs as determined by AD and to find a way to edit those ACLs through the Windows MMC. A thread over on the Samba newsgroup talked about needing to enable ACL on the mount point in fstab so I’m going to add another disk in VM-Ware and then mount it with ACL turned on rather than futzing with my primary mount. If I can get ACLs working than likely I can tighten security so that it is only viewable to those as indicated rather than to the general public.
Makes my eyes bleed.
