[Samba] Net rpc share migrate

Guillaume guibzh at gmail.com
Tue Jan 31 08:13:18 GMT 2006 

I'm trying to migrate my NT4 PDC to samba. So I currently have a samba
3.0.14a serveur with ldap backend as running BDC. I successfully migrated
SAM database with net
vampire command. However when I tried to migrate shares (or files... same
error) with this command :
 net rpc share migrate shares test -S 'SERVEURNT4' --acls -v -U
Administrateur%secret

I get this error :
migrating: [test], path: F:\test, comment: , including share-ACLs
DACL
        ACL     Num ACEs:       2       revision:       2
        ---
        ACE
                type: ACCESS ALLOWED (0) flags: 0
                Specific bits: 0x1ff
                Permissions: 0x1f01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS
WRITE_DAC_ACCESS READ_CONTROL_ACCESS DELETE_ACCESS
                SID: S-1-5-21-977737114-1106802783-817656539-500

        ACE
                type: ACCESS ALLOWED (0) flags: 0
                Specific bits: 0x1ff
                Permissions: 0x1f01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS
WRITE_DAC_ACCESS READ_CONTROL_ACCESS DELETE_ACCESS
                SID: S-1-1-0

cannot add share: WERR_ACCESS_DENIED

Here my samba configuration file and ldap structure :
smb.conf
[global]
        passdb backend = ldapsam:ldap://localhost, guest
        ldap admin dn = "cn=Manager,dc=masociete,dc=fr"
        ldap ssl = off
        ldap delete dn = no
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Machines
        ldap group suffix = ou=Groups
        ldap suffix = dc=masociete,dc=fr
        workgroup = masociete
        netbios name = SAMBAMIGR
        encrypt passwords = yes
        os level = 0
        domain logons = Yes
        domain master = No
        local master = No


        ; Utilisé lors du net vampire
        add machine script = /usr/sbin/smbldap-useradd -g sambamachines -w
-c "Samba Machine" -d /dev/null -s /bin/false '%u'
        add user script = /usr/sbin/smbldap-useradd -g sambausers -c "Samba
User" -d /home/%U -s /bin/false '%u'
        add group script = /usr/sbin/smbldap-groupadd '%g'
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        security = user
        log file = /var/log/samba/%m.log
        log level = 10
# eviter les probleme de fichier ayant pour seul proprietaire un group
        force unknown acl user = yes
#        ldap idmap suffix = ou=Users
        nt acl support = yes
        inherit acls = yes
[homes]
        comment = Home Directories
        path = /home/%U
        read only = No
        create mask = 0700
        directory mask = 0700
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        guest ok = Yes
        browseable = No
        share modes = No

base.ldif
dn: dc=masociete,dc=fr
objectClass: dcObject
objectClass: organization
o: masociete
dc: masociete

# Conteneur d'utilisateurs Samba
dn: ou=Users,dc=masociete,dc=fr
objectclass: top
objectclass: organizationalUnit
ou: Users

# Conteneur de groupes Samba
dn: ou=Groups,dc=masociete,dc=fr
objectclass: top
objectclass: organizationalUnit
ou: Groups

# Conteneur de machines Samba
dn: ou=Machines,dc=masociete,dc=fr
objectclass: top
objectclass: organizationalUnit
ou: Machines


Thanks for helping.

More information about the samba mailing list