[Samba] How to move shares from DC to MS preserving permissions?
Denis CARDON
dcardon at tranquil.it
Fri Apr 1 12:46:53 UTC 2022
Hi Rowland,
Le 01/04/2022 à 14:22, Rowland Penny via samba a écrit :
> On Fri, 2022-04-01 at 14:12 +0200, Denis CARDON via samba wrote:
>> Hi Antonio,
>>
>> Le 01/04/2022 à 11:53, Antonio Trogu via samba a écrit :
>>> I need to move some shares from an AD DC to a new member server
>>> joined
>>> to the domain. These shares are on LVMs on iSCSI targets, but when
>>> I
>>> mount them on the new member server they are not accessible to the
>>> domain's users except to Administrator. Is it possible to configure
>>> the
>>> member server's Samba to preserve users' permissions on the moved
>>> shares
>>> without having to propagate them again (on hundreds of TBs)?
>>
>> if you are confortable with python-ldb / python-tdb you can use TDB
>> mapping on the member server and recreate the tdb map by script.
>>
>> You can read current mapping from idmap.ldb on the domain controller
>> and
>> re-inject them in the tdb map on the member server.
>
> Are you sure about that Denis ?
> On a a DC, idmap.ldb contains different format records to what a Unix
> domain member expects.
> I would have thought using rsync to copy the data would be a better
> alternative.
idmap.ldb and winbindd_idmap.tdb does not have the same structure, but
you can recreate one on the file server with the proper format using
some python scripting. It's just a mapping tables.
The thing that couldn't be mapped is having a group as a file owner
(possible on a DC but not on a member server), but I wouldn't expect
this kind of situation on a fileshare.
I don't know exactly how the extended attribute NTACL would behave (if
you happen to need them), but if there are complexe ACLs, it is better
to do it on a Windows client with setacl.exe anyway.
Cheers,
Denis
> Rowland
>
>
>
More information about the samba
mailing list