[Samba] Howto migrate shares from samba 3 / ADUC changing uid/uidnumber when activating UNIX (posix) attributes
Henrik Langos
hlangos-samba at innominate.com
Wed Jun 18 08:41:14 MDT 2014
Hi Stéphane,
On 06/18/14 16:12, Stéphane PURNELLE wrote:
> Hi
>
> Answer in the text
>
>
> -----------------------------------
> Stéphane PURNELLE Systems and Network Admin.
> IT Department Corman S.A. Tel: 00 32 (0)87/342467
>
> samba-bounces at lists.samba.org wrote on 18/06/2014 15:47:38:
>
>> From: Henrik Langos <hlangos-samba at innominate.com>
>> To: samba at lists.samba.org,
>> Date: 18/06/2014 15:48
>> Subject: [Samba] Howto migrate shares from samba 3 / ADUC changing
>> uid/uidnumber when activating UNIX (posix) attributes
>> Sent by: samba-bounces at lists.samba.org
>>
>> Hi,
>>
>> I've been using Samba 3 (standalone server, workgroup setup) for a long
>> looong time and now I want to migrate to Samba 4 AD DC setup with
>> clients joined to the newly created AD domain and all the bells and
>> whistles that come with it.
>>
>> I've set up an AD DC (Debian wheezy with samba from backports) that will
>> only handle authentication and a second AD DC that will also serve
>> shares. Replication between those works fine. Group policies work. Even
>> roaming profiles. So far so good.
> Why a second DC for that?
> A simple samba 4 as file-server will be better for that
>
Reliability and scalability.
- I wanted to make sure that the whole replication business works.
- In case the primary AD goes down I want to make sure the shares server
can keep working.
- In case I have to take the shares server down, I want authentication
to continue to work.
- If the shares server is under heavy load I don't want the
authentication to suffer.
I have a separate LDAP/Kerberos infrastructure already and if the whole
thing works reliably I may even move those functions to the samba
cluster some day.
>> I'd like to know how to best migrate those shares without losing the
>> ownership information and timestamps, and without losing the ability to
>> use ADUC in the future to manage the posix attributes.
>>
>> Any ideas / further information you need?
> For the AD part (user and group) I used the classic-upgrade feature
> https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29
>
> With that I have the same uid/uidNumber as on my older server
> For the file-server I use nslcd to get uid/uidnumber from AD
My current Samba server is a standalone Samba 3 server (security = user)
with the user information stored in LDAP.
I think the classic-upgrade only works if you have an NT4 domain, doesn't it?
In my case there is no prior domain.
Also I'd like to avoid messing with the current server to
A) have a fallback option if things go horribly wrong, and
B) have a clean start without a lot of legacy data lurking in the
corners.
(There are lots of LDAP attributes in user objects on that old LDAP
server that never got used because of "security = user" and I wouldn't
want that mostly unmaintained data to suddenly become "active".)
cheers
-henrik