[Samba] updating TDB user/group entries to RID
Oleg Cherkasov
o1e9 at member.fsf.org
Fri Oct 27 15:22:06 UTC 2017
On 27. okt. 2017 16:46, Rowland Penny via samba wrote:
> On Fri, 27 Oct 2017 15:17:56 +0200
> Oleg Cherkasov via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> I wonder if there are any tools to simplify transition from TDB to
>> RID on existing system in production. Long story short, by mistake
>> one of our servers were configured with default idmap set to a range:
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>>
>> The server had joined domain and everything works just fine however I
>> may need to fix user/group ids and make it like that:
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> idmap config MYDOMAIN : backend = rid
>> idmap config MYDOMAIN : range = 8000-999999999
>>
>> Existing users and groups are still in TDB so RID does not have any
>> effect unless uncached user used.
>>
>> I suspect I may need to do some scripting with tdbtool and
>> getfacl/setfacl to be able to migrate existing filesystem to new ids.
>> Using robocopy may be expensive to pull and push files because
>> filesystem is more than 35Tb+ ...
>>
>
> From what I understand, your domain users and groups are being
> allocated IDs in the 3000-7999 range, if this is so, it will probably
> be be easier to script around 'getent passwd' and 'getent group'.
Correct, some users and groups are in 3000-7999 so would have to
translate and setfacl to range 8000-999999999.
More information about the samba
mailing list