[Samba] How to migrating data from one samba server with "old" access config to new server with windows ACL?

Denis Cardon dcardon at tranquil.it
Fri Jan 12 12:11:28 UTC 2018

Hi Götz,

> I try to find a solution for migrating files from a samba server with share access configure at share level in the smb.conf to a new fileserver with Windows ACL configured shares.
> I did a rsync from the old share to the new server and tried to set the ACL on windows with the "Computer Manager“. But I get an error when applying the rights that the enumerating of objects in the container fails.

Perhaps you should try to remove all old ACL first on linux side, and 
then reset them from Windows side.
  setfacl -R -b /home/myshare
  chown -R administrator:"domain users" /home/myshare
  find /home/myshare -type d -exec chmod 700 {} \;
  find /home/myshare -type f -exec chmod 600 {} \;

It's probably overkill, but it should make it work for you.

samba-tool ntacl get/set --as-sddl is currently buggy on member servers 
(it works properly on domain controller though). It would allow to 
script real Windows ACL the windows way directly on your fileserver! I 
now SDDL is ugly, but it is the only way to do it right :-)



> The new server is a samba 4.7.x
> On other shares which are filled from scratch (no data migration from an old server) are working fine and use the ACL I add.
> Any suggestion hints and tricks are welcome.
> 	Regards . Götz

Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0)

More information about the samba mailing list