[Samba] Moving roaming profiles between domains, risky?

L.P.H. van Belle belle at bazuin.nl
Mon May 14 13:48:26 UTC 2018


Sorry for the late reply, but yes, this is a risky move.
Did you make sure the DOMAIN SIDs are exactly the same between the old and new servers?

rsync -av --progress --xattrs --rsh=ssh
does not copy the (Windows) ACLs.

Look at https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_replication_workaround
for how to do this with rsync and unison; the combination catches the ACLs also.

I suggest doing the copy from a Windows client, or the following.

Create a new user on the new server and log in/log out with a PC.

Check the user profile rights with getfacl.
Check the user homedir rights with getfacl.

And set the correct rights back after the copy.
It's a bit the same as my "check-get-sysvol" script.

If you have a look at the function Create_DC_SYVOL_ACL_FILE,
with the layout you want, you need to adapt that to your user's profile and home folder.

I hope it explains enough. 



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Marco Gaiarin via samba
> Sent: Monday 14 May 2018 14:58
> To: samba at lists.samba.org
> Subject: Re: [Samba] Moving roaming profiles between domains, risky?
> > But I've tried to move/copy the old profile to the new domain, and it seems
> > to work, with no glitch. I've done simply:
> > 	root@vdmsv1:/srv/samba/profiles# rsync -av --progress --xattrs --rsh=ssh <oldntserver>:/srv/samba/profiles/gaio.V2 .
> > 	chown -R :"domain users" gaio.V2
> > 	<run a script that fixes group permissions, prevents setting the ACL mask incorrectly>
> [...]
> > Can I be confident that something strange does not break everything
> > sooner or later?
> I reply to myself. It does not work.
> Probably it worked for me because I'm in the 'domain admins' group, e.g. I'm an
> administrator.
> I've tried as a normal user, and logon failed mysteriously (error
> starting windows profile services, something like that) and with only
> some generic winlogon errors in Windows events.
> Probably I have to synthesize the ACL in 'user.SAMBA_PAI' correctly to
> have it work, but... it takes less time to move 'Desktop' and some
> 'Appdata/Roaming/...' folders.
> Thanks.

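An added example, not part of the original thread and not the check-get-sysvol script: one way to do the getfacl check described above is to compare a `getfacl -R` dump of the copied profile against the profile a fresh login created on the new server. The dumps, user names, numeric id and the `parse`/`audit` helpers are constructed for illustration; the check covers only owner, group and which principals appear in the POSIX ACL, not permission bits or the NT ACL stored in xattrs.

```python
import re
# Constructed `getfacl -R` output; users, ids and paths are illustrative.
REFERENCE = r"""# file: srv/samba/profiles/newuser.V2
# owner: newuser
# group: domain\040users
user::rwx
user:newuser:rwx
group::---
mask::rwx
other::---"""
COPIED = r"""# file: srv/samba/profiles/gaio.V2
# owner: 11004
# group: domain\040users
user::rwx
user:11004:rwx
group::---
mask::rwx
other::---

# file: srv/samba/profiles/gaio.V2/Desktop
# owner: gaio
# group: domain\040users
user::rwx
user:gaio:rwx
group::---
group:oldadmins:rwx
mask::rwx
other::---"""

def parse(dump):
    """Map each path in getfacl output to its owner, group and ACL principals."""
    out = {}
    for block in re.split(r"\n\s*\n", dump.strip()):
        head = dict(re.findall(r"^# (file|owner|group): (.*)$", block, re.M))
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        out[head.pop("file")] = {**head, "acl": {l.rsplit(":", 1)[0] for l in lines}}
    return out

def audit(copied, reference, ref_user, user):
    """Return (path, problem) pairs where the copy deviates from the reference."""
    ref = next(iter(parse(reference).values()))  # root of the fresh profile
    want = {"owner": user, "group": ref["group"]}
    allowed = {p[:-len(ref_user)] + user if p.endswith("user:" + ref_user) else p
               for p in ref["acl"]}
    problems = []
    for path, rec in parse(copied).items():
        problems += [(path, f"{k} is {rec[k]}, expected {v}")
                     for k, v in want.items() if rec[k] != v]
        problems += [(path, f"unexpected ACL principal {p}")
                     for p in sorted(rec["acl"] - allowed)]
    return problems
```

A numeric owner or ACL entry in the copied dump means the id did not resolve to a user on the new server, which is the kind of entry to set back after the copy.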