[Samba] Re: Migrating Windows NT Environments to Linux

[Stéphane Purnelle]

What is NGROUPS_MAX :
- is the nuber of groups than a user can have (32 groups per user)
- or is the max number of groups on the system (32 groups)

Bertil Starck a écrit :

>Hi!
>
>Anyone experienced the limitation of "NGROUPS_MAX 32" in the kernel  when 
>running Samba/Winbind or solved the "Builtin Group Administrators" and the 
>ACL considerations when migrating from WinNT to Linux?
>
>Here follows our knowledge about the "NGROUPS_MAX 32" stuff and our 
>aproach to migrate data with Robocopy. If there's someone having a better 
>way to migrate, please speak up. 
>
>- We have the PDC on the WinNT-side and we run into problem with the 
>"NGROUPS_MAX 32" limit set in the kernel. Because of this a user that have 
>more than 32 groups in his account will get the "access denied" msg and in 
>the Linux log you will se this msg:
> "Oct  2 14:06:44 cslinux15 smbd[3981]:   Unable to initgroups. Error was Operation not permitted" 
>
>The "man setgroups" will explain further about the NGROUPS_MAX limit.
>
>
>-  Another consideration when migrating is the ACL. Samba/Winbind is not 
>able to "see" the Builtin Groups in WinNT, and can because of that not set 
>the ACL (setfacl) when e.g. the Administrators is the owner of a file. To 
>try to solve this "Builtin"-problem we run a scripts before migrating data 
>that changed any member in the Builtin group to a more useful name we used 
>the ResourceKit command "subinacl".
> We try to use Robocopy for the data-transfer with this options "robocopy "j:" "f:\pilot\sthv0016\cdcs" /copy:datsou /mir /r:0 /ns /nc /nfl 
>/ndl /log:f:\pilot\roblog_xxx.txt /tee", 
>the mirror (mir) function in robocopy seems not to work when copying to 
>Linux though.
> 
>
>- Another issue is the Local Group handling.
>
>For our company it seems that the "NGROUPS_MAX 32" is a show stopper for 
>the moment, maybe You will have any experience in this matter.
>
>
>Best Regards Bertil Starck
>
>  
>