[Samba] permissions not transferred using robocopy, xxcopy,
net share migrate shares
Tom Wolfe
twolfe at sawback.com
Sat May 14 15:53:22 GMT 2005
Hello:
I've been working for a few days on getting a FreeBSD 5.3 server up and
running as a samba data backup server.
My goal is to schedule periodic backups of our file server. After reading
recommendations (e.g. by Mr. Terpstra) I've focused my attempts aroung
robocopy, xxcopy, net rpc share migrate shares.
However, I'm running into stumbling blocks that seem to involve a problem
with permissions to write to ACLs -- but only when trying to transfer files
from Windows to Samba.
Before you pass this by as another "can't change ACLs" post: YES, using
Windows Explorer I CAN add files, view & change ACLs, etc to the samba share
folders/files (see bottom of this message to see what I can do so far) as
user DOMAIN\administrator. I've also tried forcing user as root (in
smb.conf) to see if that would work (it doesn't).
ROBOCOPY
========
C:\>robocopy temp \\srv04\backup\temp6 /MIR /copyall
gives me the following:
3 C:\temp\
2005/05/14 09:20:24 ERROR 5 (0x00000005) Copying NTFS Security to
Destination Directory C:\temp\
Access is denied.
XXCOPY
======
C:\>robocopy temp \\srv04\backup\temp6 /MIR /copyall
Gives me no errors; however, ACLs are lost (Everyone, root, wheel show up;
nothing else does)
Net rpc share migrate shares
============================
This looks like a REALLY cool way to accomplish what I want to do; however,
% net rpc share migrate shares Scanned -S srv02 -U Administrator%Power832
gives me the following error:
migrating: [Scanned], path: D:\SPub\Scanned Images, comment: , without
share-ACLs
cannot add share: WERR_ACCESS_DENIED
(same thing happens if I include acls in the migration)
Any suggestions?
Regards,
Tom Wolfe
My smb.conf file:
[global]
winbindusedefaultdomain = Yes
addsharecommand =
/usr/local/share/examples/samba/scripts/perl/modify_samba_config.pl
deletesharecommand =
/usr/local/share/examples/samba/scripts/perl/modify_samba_config.pl
passwordserver = PDCSERVER
idmapuid = 10000-100000
winbindcachetime = 3600
realm = DOMAIN.COM
templatehomedir = /home/%U
winbindnestedgroups = Yes
allowtrusteddomains = No
workgroup = DOMAIN
changesharecommand =
/usr/local/share/examples/samba/scripts/perl/modify_samba_config.pl
idmapbackend = idmap_rid:DOMAIN =10000-100000
templateshell = /bin/sh
winbindseparator = +
security = ADS
idmapgid = 10000-100000
log level = 3
max log size = 0
log file = /var/log/samba/PDCSERVER.log
[backup]
adminusers = administrator
readonly = no
writable = yes
path = /home/backup
==========
Note: Much of my search discovered many posts similar to my own questions
that were answered by exhortations to RTFM or "search the list archives!",
or (usually) plain silence ... well, I followed the advice and found it
wasn't at all easy--but these caveats did at least keep me from making a
plea for help until now!
For other users struggling to get this done (FreeBSD, Samba, ACLs,
copying/backing up from Windows to FreeBSD), the progress I've made so far
has been helped by:
- Samba official How-to & list archives, of course...
- a good, simple how-to at
http://web.irtnog.org/Members/xenophon/freebsd/winbind as a guideline for
setting up samba with ACLs on FreeBSD 5.3...
- To get ACLs working: FreeBSD 5.1+, which uses UFS2 by default, requires
"tunefs -a enable /usr" (or replace /usr with the whatever you want to add
acl support to; add it to /etc/rc and reboot if you're doing it remotely) to
set my /usr file system up for ACLs...; lower than 5.1 apparently requires
additional kernel configuration entries:
options UFS_EXTATTR
options UFS_EXTATTR_AUTOSTART
... see NOTES, see FreeBSD how-tos on rebuilding kernel (super simple); see
http://nixdoc.net/man-pages/FreeBSD/man7/ffs.7.html
- after some struggle I can now modify ACLs from windows & setfacl -- change
permissions, add misc. users, etc.
More information about the samba
mailing list