On 31/01/2021 18:16, Marco Shmerykowsky via samba wrote:> > On 2021-01-31 1:11 pm, Rowland penny via samba wrote: >> On 31/01/2021 17:35, Marco Shmerykowsky wrote: >>> >>>>>> I think what happened was that Samba ignored your malformed line and >>>>>> everything ended up in the default (*) domain. Now you have fixed >>>>>> the >>>>>> problem, your users & groups will now have different numeric ID's, I >>>>>> Do hope you don't have a lot of data on that computer. >>>>>> >>>>> >>>>> Unfortunately, there is a ton of data.? On the upside, I was planning >>>>> to move all this data to a new server in the next week or two. >>>>> >>>>> Is there a way to fix this either on the existing server or >>>>> the new server? >>>>> >>>> >>>> Your problem will be in identifying the correct owners of the files, >>>> if everything looks okay now, I would very quickly setup a new Unix >>>> domain member and copy everything to the new one, this should work, >>>> but I would check? all ownerships on the new machine. >>> >>> It may not be such a big problem since ownership is really >>> controlled by the group and not the user. Only one group can >>> access the corresponding share directory. >>> >>> My migration plan was to copy the smb.conf file on the old >>> server to the new server, create the same directories, >>> apply permissions to the new directories and use scp to >>> copy the data from old to the new.? Lastly, I would modify >>> the group policies to point to the new server. >>> >>> Sounds reasonable? >>> the old server to the new server. >> >> >> That should work, provided you ensure that the smb.conf on the new >> computer is correct. >> >> Having said that, if it is only the group you are worried about, just >> fix the smb.conf on the old computer (which at this stage could just >> be restarting Samba) and then fix the group ownership of the files and >> directories. > > Out of ignorance, how do I fix the group ownership? of the files & > directories? >This would depend on your computer, at the moment your files will show as belonging to the group 'owners', but if you restart Samba, it is probable they will then show as belonging? to '2011'. If this is the case, then you can use chown or chgrp to change the group ownership back to 'owners'. I am not saying this is going to be a 5 minute job ? Rowland
On 2021-01-31 1:31 pm, Rowland penny via samba wrote:> On 31/01/2021 18:16, Marco Shmerykowsky via samba wrote: >> >> On 2021-01-31 1:11 pm, Rowland penny via samba wrote: >>> On 31/01/2021 17:35, Marco Shmerykowsky wrote: >>>> >>>>>>> I think what happened was that Samba ignored your malformed line >>>>>>> and >>>>>>> everything ended up in the default (*) domain. Now you have fixed >>>>>>> the >>>>>>> problem, your users & groups will now have different numeric >>>>>>> ID's, I >>>>>>> Do hope you don't have a lot of data on that computer. >>>>>>> >>>>>> >>>>>> Unfortunately, there is a ton of data.? On the upside, I was >>>>>> planning >>>>>> to move all this data to a new server in the next week or two. >>>>>> >>>>>> Is there a way to fix this either on the existing server or >>>>>> the new server? >>>>>> >>>>> >>>>> Your problem will be in identifying the correct owners of the >>>>> files, >>>>> if everything looks okay now, I would very quickly setup a new Unix >>>>> domain member and copy everything to the new one, this should work, >>>>> but I would check? all ownerships on the new machine. >>>> >>>> It may not be such a big problem since ownership is really >>>> controlled by the group and not the user. Only one group can >>>> access the corresponding share directory. >>>> >>>> My migration plan was to copy the smb.conf file on the old >>>> server to the new server, create the same directories, >>>> apply permissions to the new directories and use scp to >>>> copy the data from old to the new.? Lastly, I would modify >>>> the group policies to point to the new server. >>>> >>>> Sounds reasonable? >>>> the old server to the new server. >>> >>> >>> That should work, provided you ensure that the smb.conf on the new >>> computer is correct. >>> >>> Having said that, if it is only the group you are worried about, just >>> fix the smb.conf on the old computer (which at this stage could just >>> be restarting Samba) and then fix the group ownership of the files >>> and >>> directories. >> >> Out of ignorance, how do I fix the group ownership? of the files & >> directories? >> > > This would depend on your computer, at the moment your files will show > as belonging to the group 'owners', but if you restart Samba, it is > probable they will then show as belonging? to '2011'. If this is the > case, then you can use chown or chgrp to change the group ownership > back to 'owners'. I am not saying this is going to be a 5 minute job ?The directories and files on the server all have the ownership of "whatever user created the filed ie jdoe" and "domain users" and permissions rwxrwx---+ Access is controlled by the group policies.
>>>> Having said that, if it is only the group you are worried about, just >>>> fix the smb.conf on the old computer (which at this stage could just >>>> be restarting Samba) and then fix the group ownership of the files and >>>> directories. >>> >>> Out of ignorance, how do I fix the group ownership? of the files & >>> directories? >>> >> >> This would depend on your computer, at the moment your files will show >> as belonging to the group 'owners', but if you restart Samba, it is >> probable they will then show as belonging? to '2011'. If this is the >> case, then you can use chown or chgrp to change the group ownership >> back to 'owners'. I am not saying this is going to be a 5 minute job ? > > The directories and files on the server all have the ownership of > "whatever user created the filed ie jdoe" and "domain users" > and permissions rwxrwx---+ > > Access is controlled by the group policies.I guess I'm still unclear on if this is fixable. If I take a directory listing of anything in the shared directories, I get something like this: drwxrwx---+ 5 root domain admins 4096 Jan 5 13:28 share-1 drwxrwx---+ 9 root domain admins 4096 Jan 5 13:28 share-2 drwxrwx---+ 744 root domain admins 28672 Jan 26 09:51 share-3 drwxrwx---+ 10 root domain admins 4096 Mar 13 2020 share-4 drwxrwx---+ 14 root domain admins 4096 Jan 25 16:12 share-5 The user/group assignment has looked like this from day one. The only variation it that the "user" changes to match whatever windows user created the file. It is not an important attribute and could be reset to one person. I'm getting that "permission denied" warning on all these shares. The "group" assigned on Linux hasn't changed from the original configuration. How do the Security Groups in Windows AD fit into this?