[Samba] Keeping Windows ACL's when migrating to SAMBA Server

John Drescher drescherjm at gmail.com
Sun Dec 12 07:38:32 MST 2010


On Sat, Dec 11, 2010 at 2:01 PM, George <greenadmins at gmail.com> wrote:
> We set up an Ubuntu SAMBA 3.5 server and would like it to replace our current
> Windows 2003 file server. I can manually copy the files over but need to
> keep all the Windows UIDs and GIDs but am having trouble copying the files
> over. Does anyone have any idea what I'm doing wrong or have any ideas for me
> to do this?
>
> I have pasted the contents of my smb.conf below my name.
>
> George
> ..............................................................................................
> smb.conf
>
>
> [global]
>    workgroup = DOMAIN
>    realm = DOMAIN.LOCAL
>    netbios name = bed-fs1
> #    server string = %h server (Samba %v, Ubuntu)
>    security = ADS
>    syslog = 0
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    domain master = No
>    dns proxy = No
>    usershare allow guests = Yes
>    panic action = /usr/share/samba/panic-action %d
>    idmap uid = 1000-29999
>    idmap gid = 1000-29999
>    template shell = /bin/bash
>    winbind separator = +
>    winbind enum users = Yes
>    winbind enum groups = Yes
>    winbind use default domain = Yes
>
> #[homes]
> #comment = Home Directories
> #browseable = yes
> #valid users = %S
> #writable = yes
>
>
> [servers]
> path = /servers
> valid users = @"DOMAIN+Domain Admins" , @"DOMAIN+Domain Users" , @"DOMAIN+Domain Team"
> admin users = @"DOMAIN+Domain Admins" , root , administrator
> write list = @"DOMAIN+Domain Team" , @"DOMAIN+Domain Admins" , @"DOMAIN+Domain Users" , root , administrator
> directory mask = 0700
> create mode = 0700
> force create mode = 0700
> force directory mode = 0700
> read only = no
> writeable = yes
> available = yes
> browseable = yes
> public = yes
> writable = yes
> guest ok = yes
> acl compatibility = auto
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> #acl map full control = no
> force unknown acl user = No
> dos filemode = no
> inherit permissions = yes
> store dos attributes = yes
> map archive = No
> map hidden = No
> map system = No
> map readonly = No
> nt acl support = Yes
> map acl inherit = yes
> profile acls = No
> inherit owner = No
> inherit acls = yes
> acl group control = yes
> vfs objects = acl_xattr
>
> [man_fs2_e]
> path = /servers/man_fs2/e
> valid users = @"DOMAIN+Domain Admins" , @"DOMAIN+Domain Users" , @"DOMAIN+Domain Team"
> admin users = @"DOMAIN+Domain Admins" , root , administrator
> write list = @"DOMAIN+Domain Team" , @"DOMAIN+Domain Admins" , @"DOMAIN+Domain Users" , root , administrator
> directory mask = 0700
> create mode = 0700
> force create mode = 0700
> force directory mode = 0700
> read only = no
> writeable = yes
> available = yes
> browseable = yes
> public = yes
> writable = yes
> guest ok = yes
> acl compatibility = auto
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> #acl map full control = no
> force unknown acl user = No
> dos filemode = no
> inherit permissions = yes
> store dos attributes = yes
> map archive = No
> map hidden = No
> map system = No
> map readonly = No
> nt acl support = Yes
> map acl inherit = yes
> profile acls = No
> inherit owner = No
> inherit acls = yes
> acl group control = yes
> vfs objects = acl_xattr
>

I would verify that idmap and ACLs are working before moving files and
also get rid of the user list lines. Use ACLs instead.

John
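
A small lint for the points raised in the reply, as an added example that is not part of the original message or of Samba: it flags the share-level user list lines, parameters set twice with different values, and guest access combined with `valid users`. The function names and the shortened sample share are assumptions made for illustration.

```python
import re

# Synonyms documented in smb.conf(5), mapped to one canonical parameter name.
SYNONYMS = {"writable": "writeable", "write ok": "writeable", "public": "guest ok",
            "create mode": "create mask", "directory mode": "directory mask"}
# Share-level user lists, which act in addition to the filesystem ACLs.
USER_LISTS = {"valid users", "invalid users", "admin users", "write list", "read list"}

def parse(text):
    """Return {section: [(canonical_key, value), ...]}, keeping duplicates in order."""
    shares, section = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            shares.setdefault(section, [])
        elif section and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            shares[section].append((SYNONYMS.get(key, key), value))
    return shares

def audit(text):
    """Return sorted (section, finding) pairs worth reviewing before a migration."""
    findings = set()
    for section, params in parse(text).items():
        seen = {}
        for key, value in params:
            if key in seen and seen[key].lower() != value.lower():
                findings.add((section, f"conflicting duplicate: {key}"))
            seen[key] = value
            if key in USER_LISTS:
                findings.add((section, f"user list line: {key}"))
        if seen.get("guest ok", "no").lower() in ("yes", "true", "1") and "valid users" in seen:
            findings.add((section, "guest ok = yes alongside valid users"))
    return sorted(findings)

# Constructed sample: a shortened copy of the [servers] share quoted above.
SAMPLE = """
[servers]
valid users = @"DOMAIN+Domain Admins" , @"DOMAIN+Domain Users"
admin users = @"DOMAIN+Domain Admins" , root , administrator
public = yes
guest ok = yes
acl group control = No
acl group control = yes
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The `admin users` finding deserves the closest look: smb.conf(5) states that users on that list perform all file operations as root, so filesystem ACLs are not enforced for them.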

