[Samba] Copying files between 2 samba serv with ACL in mind using winbind database - solution?

Piotr Legiecki piotrlg at pum.edu.pl
Tue Jul 26 03:19:18 MDT 2011 

Hi

The question how to copy files and preserve ACLs appears from time to
time but I have not find the right (stable and working) solution so far
on this list and on the other Internet sites. So after some thinking I
have 'discovered' my own solution.

But what is the situation. I have old samba 3.0.24 (debian) on old
computer. Now there is new computer with new samba 3.5.6 (debian 6.x).
Both are working as domain member servers (in the same domain). The
problem is: copy files form old to new server keeping in mind that there
are 100 users with their ACLs on the files.

I'm using winbindd. There are of course different UID-SID mappings on
those servers so the solutions are two (IMHO):
1. Somehow set the new server mappings on the copied files or
2. Transfer the mappings itself from old to new server

Ad.1
It is possible using some windows station to copy all the files from one
server to another. But it is a bit extra work and time consuming.
Ad.2
Use whatever linux copy tools (tar etc) to copy files. Faster but here
is the problem I have faced.

First I have dumped winbindd_idmap.tdb mapping on oldserver:
net idmap dump /var/lib/samba/winbindd_idmap.tdb > idmap_dump.txt
copied this file to new server and restored it:
net idmap restore /var/lib/samba/winbindd_idmap.tdb < idmap_dump.txt
during this restore operation the following errors (warnings?) appeared:
....
>> ignoring invalid line []
.....
>> ignoring invalid line [BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB]
.....
Why? What does it mean? Ignore or it is serious?
Looking at the dumped file it seems to be ok.

So I have tried other solution, just copied the database file
winbindd_idmap.tdb from old to new server. After flushing the samba cache
net cache flush
and restarting winbind
the ACLs appeared to be the same on both servers. So after untaring the
files from old server it just started to work.

But my question: is it safe to do it the way I did it? The fields in
databases tends to change so I have no idea if winbindd_idmap.tdb on the
samba 3.0 is the same as on the 3.5?

Regards
Piotr

More information about the samba mailing list