[Samba] permissions not transferred using robocopy, xxcopy, net share migrate shares

Tom Wolfe twolfe at sawback.com
Sat May 14 15:53:22 GMT 2005


I've been working for a few days on getting a FreeBSD 5.3 server up and
running as a samba data backup server.

My goal is to schedule periodic backups of our file server. After reading
recommendations (e.g. by Mr. Terpstra) I've focused my attempts aroung
robocopy, xxcopy, net rpc share migrate shares. 

However, I'm running into stumbling blocks that seem to involve a problem
with permissions to write to ACLs -- but only when trying to transfer files
from Windows to Samba.

Before you pass this by as another "can't change ACLs" post: YES, using
Windows Explorer I CAN add files, view & change ACLs, etc to the samba share
folders/files (see bottom of this message to see what I can do so far) as
user DOMAIN\administrator. I've also tried forcing user as root (in
smb.conf) to see if that would work (it doesn't).

C:\>robocopy temp \\srv04\backup\temp6 /MIR /copyall 

gives me the following:
	                   3	C:\temp\
2005/05/14 09:20:24 ERROR 5 (0x00000005) Copying NTFS Security to
Destination Directory C:\temp\
Access is denied.

C:\>robocopy temp \\srv04\backup\temp6 /MIR /copyall

Gives me no errors; however, ACLs are lost (Everyone, root, wheel show up;
nothing else does)

Net rpc share migrate shares
This looks like a REALLY cool way to accomplish what I want to do; however,

% net rpc share migrate shares Scanned -S srv02 -U Administrator%Power832

gives me the following error:

migrating: [Scanned], path: D:\SPub\Scanned Images, comment: , without
cannot add share: WERR_ACCESS_DENIED

(same thing happens if I include acls in the migration)

Any suggestions?

Tom Wolfe

My smb.conf file:

        winbindusedefaultdomain   = Yes
        addsharecommand           =
        deletesharecommand        =
        passwordserver            = PDCSERVER
        idmapuid                  = 10000-100000
        winbindcachetime          = 3600
        realm                     = DOMAIN.COM
        templatehomedir           = /home/%U
        winbindnestedgroups       = Yes
        allowtrusteddomains       = No
        workgroup                 = DOMAIN
        changesharecommand        =
        idmapbackend              = idmap_rid:DOMAIN =10000-100000
        templateshell             = /bin/sh
        winbindseparator          = +
        security                  = ADS
        idmapgid                  = 10000-100000
        log level = 3
        max log size = 0
        log file = /var/log/samba/PDCSERVER.log

        adminusers                = administrator
        readonly                  = no
        writable                  = yes
        path                      = /home/backup

Note: Much of my search discovered many posts similar to my own questions
that were answered by exhortations to RTFM or "search the list archives!",
or (usually) plain silence ... well, I followed the advice and found it
wasn't at all easy--but these caveats did at least keep me from making a
plea for help until now!

For other users struggling to get this done (FreeBSD, Samba, ACLs,
copying/backing up from Windows to FreeBSD), the progress I've made so far
has been helped by:

- Samba official How-to & list archives, of course...
- a good, simple how-to at
http://web.irtnog.org/Members/xenophon/freebsd/winbind as a guideline for
setting up samba with ACLs on FreeBSD 5.3...

- To get ACLs working: FreeBSD 5.1+, which uses UFS2 by default, requires
"tunefs -a enable /usr" (or replace /usr with the whatever you want to add
acl support to; add it to /etc/rc and reboot if you're doing it remotely) to
set my /usr file system up for ACLs...; lower than 5.1 apparently requires
additional kernel configuration entries:
options         UFS_EXTATTR
... see NOTES, see FreeBSD how-tos on rebuilding kernel (super simple); see

- after some struggle I can now modify ACLs from windows & setfacl -- change
permissions, add misc. users, etc.

More information about the samba mailing list