AW: AW: [Samba] Migration to Samba using external LDAP server(CLARIFICATION NEEDED)

Pseudomizer Pseudomizer at LoveTalks.de
Mon Oct 24 20:43:38 GMT 2005


Hello,

thanks for your reply. I didn't know that I was not specific enough. Let me
go into the details.

Current infrastructure:

9 Windows 2003 servers acting as file and print servers and a little bit of
databases.

Target infrastructure:

1 Debian Cluster running Samba
1 Database Cluster running ADAM (LDAP)

Our current test environment consists of:

Debian Cluster running Samba 3.0.14 with 2.8GHz proc and 4GB RAM each node.
We have implemented a samba.ldf file to ADAM to do the mapping between SID
and UID/GID. Samba uses external LDAP user validation for active directory.

If a user tries to connect to a share the samba server contacts the external
LDAP server for user verification/validation. LDAP server contacts PDC to
validate user and to get SID. LDAP server stores SID and newly created UID/GID
to have a user mapping from the SID to the UID/GID.

The user connects to the share, and when he stores a file he gets a UID/GID
from Debian/samba. So e.g. user with SID blablabla-blablabla-blablabla gets
UID 8235 and GID 7234.

This works fine right now. We have the mapping running and all works as
expected. But now the problem which occurs is that we want to migrate all
data to this new cluster.

If we copy the data with simple xcopy or robocopy using e.g. an admin
account from the domain, which owner will the created files have? Will the
permissions still remain?

Example:

Windows server with file readme.txt:
Permissions: Read for everyone, Full access for admin account, Full access
for owner

Samba server copied file with any tool to samba share:
Permissions: ??????

Our current understanding would be that if every user would copy his own
files under his account to his share then the permission would remain. But
we can not ask each person to copy his files to the new server and to the
right folder.

The next problem we have is: if the permissions can be maintained, what
happens to the mapping? The reasons for our concerns are that we are using a
user mapping on an external LDAP server. So if we use a specific user
account to migrate the data, and assuming that each file will have a SID,
which UID/GID will be allocated to this data? We do not understand how to
accomplish what we need. We try to understand how this mapping for every
user will be done using our external LDAP server creating the UID/GID on the
Debian server.

Is this description now clearer? Any additional information needed?

Thanks for the feedback so far.

Best regards,

Pseudomizer


 
> Hello,
> 
>  
> 
> we are in the process of implementing a samba server running 3.0.14 and an
> external LDAP server running Microsoft ADAM. We have it also running with
> Open LDAP for UNIX under Redhat. It works fine for every user account that
> accesses the samba instance. The user mapping is done and all works fine.
> 
>  
> 
> Now we have the major problem of the migration and I would need some
> guidance here please.
> 
>  
> 
> The external LDAP server does the mapping from the UID/GID to the SID from
> MS every time a new user accesses the samba instance. But now we want to
> consolidate multiple servers (from the same domain) to this samba instance.
> We have about ~2.000 users in our domain and we can not let all of them
> contact the samba server to create a user mapping.
> 
>  
> 
> The current situation is that we have to copy about 1.2TB of data to this
> samba server maintaining the user permissions. We are used to tools like
> Robocopy or Xcopy to migrate data to windows servers but in this case we are
> not sure what will happen with the permissions of the files if we use such
> tools with our samba server.
> 
>  
> 
> So my questions would be:
> 
>  
> 
> - Are there any procedure/best practices how to migrate to samba
>   using external LDAP server?
> 

MIGRATE TO samba, or FROM samba, TO or FROM what? You speak of using an
'external ldap server' above, is your intent to move away from using ldap
and do things just with samba tdb backend, or do you want to move away from
using LDAP to map to Active Directory SID's and just use LDAP to store the
account information in altogether... OR are you simply talking about
migrating data (the 1.2TB you spoke of above) from one server to another -
in which case, ya might look into rsync.

Either way, a little clarification could go a long way, and a clearer
question always leads to a more concise answer.

> - How can we create the appropriate mapping on the external LDAP
>   server to maintain the permissions?
> 
>  

NO idea, whatsoever, as to what you are asking here, see answer above;
mapping for what; file permission, user data, and what exactly is meant by
'external ldap server', is it not on your network? Or by 'external', do you
simply mean it's not part of the samba package, or that it's actually
running on a different machine altogether?


> 
> Any help would be appreciated and please do not reply with emails like
> "don't use samba, use NetApp" what happened in the past. We are not
> interested in any other expensive NAS solution.
> 
>  

This kinda makes me think you're using the Samba server as a back-end to
store the files for a Windows server; why else others would have recommended
netapp is beyond me? Are you using samba to service the end users, or samba
to service as a SAN-store of sorts to other windows servers in-turn
servicing the end users? Too many questions and not enough details provided
by you make it hard for anyone to help.

> 
> Thanks in advance.
> 
>  
> 
> Best regards,
> 
>  
> 
> Pseudomizer
> 
>  
> 

My suggestion; re-post with:

  A) First, what exactly are you trying to accomplish; what are your long
     term goals?

  B) Secondly, tell us how you're doing it now, and what specifically you
     don't like or what doesn't work (well).

  C) Lastly, explain what you want us (the mailing list) to send back to
     you; what do you want us to explain or help with, or do, changes with
     samba/etc...


Your question asking is good, but your method of asking provides us with
just enough information to shake our heads and ask 'why, what-the, huh? '
... take the time and clarify a little bit as to what you're looking for and
perhaps you'll receive better replies.


-- 
Nathan Vidican
nvidican at wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/