Migrating Windows NT Environments to Linux
Bertil Starck
best08 at handelsbanken.se
Fri Oct 10 21:32:32 GMT 2003
Hi!
Anyone experienced the limitation of "NGROUPS_MAX 32" in the kernel when
running Samba/Winbind or solved the "Builtin Group Administrators" and the
ACL considerations when migrating from WinNT to Linux?
Here follows our knowledge about the "NGROUPS_MAX 32" stuff and our
aproach to migrate data with Robocopy. If there's someone having a better
way to migrate, please speak up.
- We have the PDC on the WinNT-side and we run into problem with the
"NGROUPS_MAX 32" limit set in the kernel. Because of this a user that have
more than 32 groups in his account will get the "access denied" msg and in
the Linux log you will se this msg:
"Oct 2 14:06:44 cslinux15 smbd[3981]: Unable to initgroups. Error was Operation not permitted"
The "man setgroups" will explain further about the NGROUPS_MAX limit.
- Another consideration when migrating is the ACL. Samba/Winbind is not
able to "see" the Builtin Groups in WinNT, and can because of that not set
the ACL (setfacl) when e.g. the Administrators is the owner of a file. To
try to solve this "Builtin"-problem we run a scripts before migrating data
that changed any member in the Builtin group to a more useful name we used
the ResourceKit command "subinacl".
We try to use Robocopy for the data-transfer with this options "robocopy "j:" "f:\pilot\sthv0016\cdcs" /copy:datsou /mir /r:0 /ns /nc /nfl
/ndl /log:f:\pilot\roblog_xxx.txt /tee",
the mirror (mir) function in robocopy seems not to work when copying to
Linux though.
- Another issue is the Local Group handling.
For our company it seems that the "NGROUPS_MAX 32" is a show stopper for
the moment, maybe You will have any experience in this matter.
Best Regards Bertil Starck
More information about the samba-technical
mailing list