[Samba] Howto migrate shares from samba 3 / ADUC changing uid/uidnumber when activating UNIX (posix) attributes
Stéphane PURNELLE
stephane.purnelle at corman.be
Wed Jun 18 08:12:14 MDT 2014
Hi
Answer in the text
-----------------------------------
Stéphane PURNELLE Systems and Network Admin.
IT Department Corman S.A. Tel : 00 32 (0)87/342467
samba-bounces at lists.samba.org wrote on 18/06/2014 15:47:38:
> From: Henrik Langos <hlangos-samba at innominate.com>
> To: samba at lists.samba.org,
> Date: 18/06/2014 15:48
> Subject: [Samba] Howto migrate shares from samba 3 / ADUC changing
> uid/uidnumber when activating UNIX (posix) attributes
> Sent by: samba-bounces at lists.samba.org
>
> Hi,
>
> I've been using Samba 3 (standalone server, workgroup setup) for a long
> looong time and now I want to migrate to Samba 4 AD DC setup with
> clients joined to the newly created AD domain and all the bells and
> whistles that come with it.
>
> I've setup an AD DC (Debian wheezy with samba from backports) that will
> only handle authentication and a second AD DC that will also serve
> shares. Replication between those works fine. Group policies work. Even
> roaming profiles. So far so good.
Why a second DC for that?
A simple Samba 4 file server would be better for that.
> Now I'd like to transfer all files from the current shares that only
> have user/group information (no xattr / ACLs) onto the new shares
> server.
>
> I tried to create the users using samba-tool and giving "--uid" and
> "--uid-number" as parameters.
>
> This apparently works nicely and (thanks to winbind) I can see those
> users on the shares server with exactly the uidNumber (in the 2000-3000
> range) that I've provided on the "samba-tool user create" command line,
> using "getent passwd".
>
> My plan was to simply run "rsync --numeric-ids" to copy the content of
> those old shares over to the new shares server. I'd have to use
> "--numeric-ids" since winbind will make the users visible to linux as
> "SADOM+user" instead of simply "user".
>
>
> However, if I use ADUC and activate the "Unix Attributes" (selecting a
> "NIS Domain" to do so) for a user, the uidNumber, uid, and loginShell
> attributes get overwritten. The uidNumber visible via winbind and
> ldapsearch changes to something in the "10000-20000" range, uid changes
> to the Windows username (currently that is not an issue as they are the
> same but it may become one) and login shell changes to the one visible
> in ADUC.
>
> If I change back (deselecting the NIS Domain) then ldapsearch shows that
> those attributes are gone and "getent passwd" will report a uid number
> in the 3000000+ range. (As if they never had any posix attributes.)
>
> ADUC is currently not the way I do user administration but I may not
> stay the only System Administrator and Windows-trained administrators
> will certainly want to use it. Changing uid numbers sometime later seems
> like a very bad idea thus my question on how to do it right the first
> time.
>
> I'd like to know how to best migrate those shares without losing the
> ownership information and timestamps, and without losing the ability to
> use ADUC in the future to manage the posix attributes.
>
> Any ideas / further information you need?
For the AD part (user and group) I used the classic-upgrade feature
https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29
With that I have the same uid/uidNumber as on my older server.
For the file server I use nslcd to get the uid/uidNumber from AD.
>
> Thanks for your help!
> cheers
> -henrik
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
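
An added example, not part of the thread: a pre-flight check that compares the uids on the old server with what the new shares server resolves, so that "rsync --numeric-ids" is only run when the numbers still line up. The 2000-3000 range and the "SADOM+" prefix come from the post; the function name, file names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# usage: check_uid_map OLD_PASSWD NEW_PASSWD [PREFIX]
#   OLD_PASSWD  copy of /etc/passwd from the old Samba 3 server
#   NEW_PASSWD  saved output of "getent passwd" on the new shares server
#   PREFIX      winbind name prefix ("SADOM+" in the post)
# Prints one line per old account in the 2000-3000 range and returns 1
# if any account is missing or resolves to a different uid.
check_uid_map() {
    awk -F: -v prefix="${3:-}" -v lo=2000 -v hi=3000 '
        NR == FNR { new[$1] = $3; next }          # first file: new server
        $3 + 0 >= lo && $3 + 0 <= hi {            # second file: old server
            name = ((prefix $1) in new) ? (prefix $1) : $1
            if (!(name in new))               { print "MISSING", $1, $3; bad = 1 }
            else if (new[name] + 0 != $3 + 0) { print "MISMATCH", $1, $3, new[name]; bad = 1 }
            else                              { print "OK", $1, $3 }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample data: bob had his Unix attributes set in ADUC (uid moved
# to the 10000+ range), carol has no posix attributes (3000000+), dave is absent.
demo_dir=$(mktemp -d)
cat > "$demo_dir/old_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:2001:2001::/home/alice:/bin/bash
bob:x:2002:2002::/home/bob:/bin/bash
carol:x:2003:2003::/home/carol:/bin/bash
dave:x:2004:2004::/home/dave:/bin/bash
EOF
cat > "$demo_dir/new_passwd" <<'EOF'
SADOM+alice:*:2001:10000::/home/SADOM/alice:/bin/false
SADOM+bob:*:10001:10000::/home/SADOM/bob:/bin/bash
SADOM+carol:*:3000017:10000::/home/SADOM/carol:/bin/false
EOF
check_uid_map "$demo_dir/old_passwd" "$demo_dir/new_passwd" "SADOM+" ||
    echo "uid mismatch: do not run rsync --numeric-ids yet"
rm -rf "$demo_dir"
```

A mismatch matters because "--numeric-ids" copies the raw numbers, so files would end up owned by whichever account, if any, holds that uid on the new server.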