[Samba] Howto migrate shares from samba 3 / ADUC changing uid/uidnumber when activating UNIX (posix) attributes
Henrik Langos
hlangos-samba at innominate.com
Wed Jun 18 07:47:38 MDT 2014
Hi,
I've been using Samba 3 (standalone server, workgroup setup) for a long
looong time and now I want to migrate to Samba 4 AD DC setup with
clients joined to the newly created AD domain and all the bells and
whistles that come with it.
I've set up an AD DC (Debian wheezy with Samba from backports) that will
only handle authentication and a second AD DC that will also serve
shares. Replication between those works fine. Group policies work. Even
roaming profiles. So far so good.
Now I'd like to transfer all files from the current shares that only
have user/group information (no xattr / ACLs) onto the new shares server.
I tried to create the users using samba-tool and giving "--uid" and
"--uid-number" as parameters.
This apparently works nicely and (thanks to winbind) I can see those
users on the shares server with exactly the uidNumber (in the 2000-3000
range) that I've provided on the "samba-tool user create" command line,
using "getent passwd".
My plan was to simply run "rsync --numeric-ids" to copy the content of
those old shares over to the new shares server. I'd have to use
"--numeric-ids" since winbind will make the users visible to Linux as
"SADOM+user" instead of simply "user".
However, if I use ADUC and activate the "Unix Attributes" (selecting a
"NIS Domain" to do so) for a user, the uidNumber, uid, and loginShell
attributes get overwritten. The uidNumber visible via winbind and
ldapsearch changes to something in the "10000-20000" range, uid changes
to the Windows username (currently that is not an issue as they are the
same but it may become one) and login shell changes to the one visible
in ADUC.
If I change back (deselecting the NIS Domain) then ldapsearch shows that
those attributes are gone and "getent passwd" will report a uid number
in the 3000000+ range. (As if they never had any posix attributes.)
ADUC is currently not the way I do user administration but I may not
stay the only System Administrator and Windows-trained administrators
will certainly want to use it. Changing uid numbers sometime later seems
like a very bad idea, thus my question on how to do it right the first time.
I'd like to know how to best migrate those shares without losing the
ownership information and timestamps, and without losing the ability to
use ADUC in the future to manage the posix attributes.
Any ideas / further information you need?
Thanks for your help!
cheers
-henrik
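
A pre-flight check for the "rsync --numeric-ids" plan described in the message above, added here as an example and not part of the original post: it compares each user's UID on the old server with what winbind reports on the new one. The sample passwd lines are constructed; the "SADOM+" prefix and the 3000000+ range for accounts without POSIX attributes are taken from the post.

```python
"""Compare UIDs on the old Samba 3 server with what winbind reports on the new
share server, before trusting `rsync --numeric-ids` to preserve ownership."""

# Constructed sample data: old server /etc/passwd lines and `getent passwd`
# output on the new server (names and numbers are made up for illustration).
OLD_PASSWD = """\
alice:x:2001:2001:Alice:/home/alice:/bin/bash
bob:x:2002:2002:Bob:/home/bob:/bin/bash
carol:x:2003:2003:Carol:/home/carol:/bin/bash
dave:x:2004:2004:Dave:/home/dave:/bin/bash
"""
NEW_GETENT = """\
SADOM+alice:*:2001:100::/home/SADOM/alice:/bin/bash
SADOM+bob:*:10002:100::/home/SADOM/bob:/bin/sh
SADOM+carol:*:3000021:100::/home/SADOM/carol:/bin/false
"""

def parse_passwd(text, separator="+"):
    """Return {username: uid}, dropping a winbind 'DOMAIN+' prefix if present."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # skip blank, comment or malformed lines
        name = fields[0].rsplit(separator, 1)[-1].lower()
        users[name] = int(fields[2])
    return users

def check_uids(old_text, new_text):
    """Return {username: status} for every user on the old server."""
    old, new = parse_passwd(old_text), parse_passwd(new_text)
    report = {}
    for name, uid in sorted(old.items()):
        new_uid = new.get(name)
        if new_uid is None:
            report[name] = "missing on new server"
        elif new_uid == uid:
            report[name] = "ok"
        elif new_uid >= 3000000:
            # Range the post reports when no uidNumber attribute is set.
            report[name] = f"no POSIX attributes (winbind gives {new_uid})"
        else:
            report[name] = f"uid changed {uid} -> {new_uid}"
    return report

if __name__ == "__main__":
    for user, status in check_uids(OLD_PASSWD, NEW_GETENT).items():
        print(f"{user:10} {status}")
```

Any user not reported as "ok" would end up with files owned by the wrong or an unmapped UID after a numeric-ID copy, so the check is worth repeating after any change made through ADUC.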