[Samba] Howto migrate shares from samba 3 / ADUC changing uid/uidnumber when activating UNIX (posix) attributes
stephane.purnelle at corman.be
Wed Jun 18 09:30:03 MDT 2014
Stéphane PURNELLE Admin. Systèmes et Réseaux
Service Informatique Corman S.A. Tel : 00 32 (0)87/342467
samba-bounces at lists.samba.org wrote on 18/06/2014 16:41:14:
> De : Henrik Langos <hlangos-samba at innominate.com>
> A : samba at lists.samba.org,
> Date : 18/06/2014 16:42
> Objet : Re: [Samba] Howto migrate shares from samba 3 / ADUC
> changing uid/uidnumber when activating UNIX (posix) attributes
> Envoyé par : samba-bounces at lists.samba.org
> Hi Stéphane,
> On 06/18/14 16:12, Stéphane PURNELLE wrote:
> > Hi
> > Answer in the text
> > -----------------------------------
> > Stéphane PURNELLE Admin. Systèmes et Réseaux
> > Service Informatique Corman S.A. Tel : 00 32
> > samba-bounces at lists.samba.org wrote on 18/06/2014 15:47:38:
> >> De : Henrik Langos <hlangos-samba at innominate.com>
> >> A : samba at lists.samba.org,
> >> Date : 18/06/2014 15:48
> >> Objet : [Samba] Howto migrate shares from samba 3 / ADUC changing
> >> uid/uidnumber when activating UNIX (posix) attributes
> >> Envoyé par : samba-bounces at lists.samba.org
> >> Hi,
> >> I've been using Samba 3 (standalone server, workgroup setup) for a
> >> looong time and now I want to migrate to Samba 4 AD DC setup with
> >> clients joined to the newly created AD domain and all the bells and
> >> whistles that come with it.
> >> I've setup an AD DC (Debian wheezy with samba from backports) that
> >> only handle authentication and a second AD DC that will also serve
> >> shares. Replication between those works fine. Group policies work.
> >> roaming profiles. So far so good.
> > Why a second DC for that ?
> > A simple samba 4 as file-server will be more great for that
> Reliability and scalability.
> - I wanted to make sure that the whole replication business works.
> - In case the primary AD goes down I want to make sure the shares server
> can keep working.
> - In case I have to take the shares server down, I want authentication
> to continue to work.
> - If the shares server is under heavy load I don't want the
> authentication to suffer.
> I have a separate LDAP/Kerberos infrastructure already and if the whole
> thing works reliably I may even move those functions to the samba
> cluster some day.
> >> I'd like to know how to best migrate those shares without losing the
> >> ownership information and timestamps, and without losing the ability
> >> use ADUC in the future to manage the posix attributes.
> >> Any ideas / further information you need?
> > For the AD part (user and group) I used the classic-upgrade feature
> > https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-
> > With that I have same uid/uidNumber than my older server
> > For the file-server I use nslcd for getting uid/uidnumber from AD
> My current Samba server is a stand alone Samba 3 server (security =
> with the user information stored in LDAP.
> I think the classic-upgrade only works if you have a NT4 Domain, doesn't
> In my case there is no prior domain.
if your samba3 server act as a PDC, it's a Nt4 domain.
I'm not sure that classic-upgrade test if your samba3 server act as a PDC
but use this feature permit to get all information including rfc2307 (unix
information) in AD
> Also I'd like to avoid messing with the current server to
> A) have a fall back option if things go horribly wrong, and
> B) to have a clean start without a lot of legacy data lurking in the
> (There are lots of LDAP attributes in user objects on that old LDAP
> server that
> never got used because of "security = user" and I wouldn't want that
> mostly unmaintained
> data to suddenly become "active".)
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba