[Samba] Moving roaming profiles between domains, risky?
L.P.H. van Belle
belle at bazuin.nl
Mon May 14 13:48:26 UTC 2018
Hai,
Sorry for the late reply, but yes, this is a risky move.
Did you make sure this the DOMAIN SID's are exact the same between old and new servers?
This:
rsync -av --progress --xattrs --rsh=ssh
Does not copy the (windows) acl's.
Look at https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_replication_workaround
Howto to this with rsync and unison, the combination catches the acl also.
I suggest the following, or do the copy from a windows client or the following.
Create a new user on the new server and login /logout with a pc.
Check the user profile rights with getfacl
Check the user homedir right with getfacl.
And set the correct rights back after the copy.
Its a bit the same as my "check-get-sysvol" script.
https://github.com/thctlo/samba4/blob/master/samba-check-set-sysvol.sh
If you have a look, the function : Create_DC_SYVOL_ACL_FILE
With the layout you want, and you need to adapt that to your users profile and home folder.
I hope it explains enough.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Marco Gaiarin via samba
> Verzonden: maandag 14 mei 2018 14:58
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Moving roaming profiles between domains, risky?
>
>
> > But i've tried to move/copy old profile to the new domain, and seems
> > work, with no glitch. I've done simply:
> > root at vdmsv1:/srv/samba/profiles# rsync -av --progress
> --xattrs --rsh=ssh <oldntserver>:/srv/samba/profiles/gaio.V2 .
> > chown -R :"domain users" gaio.V2
> > <run a script that fix group permission, prevent
> settings ACL mask incorrectly>
> [...]
> > Can i be confident that something strage does not brake all things
> > sooner or later?
>
> I reply myself. Does not work.
>
> Probably worked for me because i'm in 'domain admins' group, eg i'm an
> administrator.
>
> I've tried as a normal user, and logon failed mysteriously (error
> starting windows profile services, something like that) and with only
> some generic winlogon errors in windows events.
>
> Probably i've to sythetize correctly the ACL in 'user.SAMBA_PAI' to
> have it work, but... it takes less time to move 'Desktop' and some
> 'Appdata/Roaming/...' folders.
>
>
> Thanks.
>
> --
> dott. Marco Gaiarin GNUPG
> Key ID: 240A3D66
> Associazione ``La Nostra Famiglia''
> http://www.lanostrafamiglia.it/
> Polo FVG - Via della Bontà , 7 - 33078 - San Vito al
> Tagliamento (PN)
> marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711
> f +39-0434-842797
>
> Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
> http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list