Stéphane Purnelle
2003-Oct-13 15:58 UTC
[Samba] Re: Migrating Windows NT Environments to Linux
What is NGROUPS_MAX:
- is it the number of groups that a user can have (32 groups per user)
- or is it the max number of groups on the system (32 groups)

Bertil Starck wrote:

>Hi!
>
>Anyone experienced the limitation of "NGROUPS_MAX 32" in the kernel when
>running Samba/Winbind or solved the "Builtin Group Administrators" and the
>ACL considerations when migrating from WinNT to Linux?
>
>Here follows our knowledge about the "NGROUPS_MAX 32" stuff and our
>approach to migrate data with Robocopy. If there's someone having a better
>way to migrate, please speak up.
>
>- We have the PDC on the WinNT-side and we run into problems with the
>"NGROUPS_MAX 32" limit set in the kernel. Because of this a user that has
>more than 32 groups in his account will get the "access denied" msg and in
>the Linux log you will see this msg:
> "Oct 2 14:06:44 cslinux15 smbd[3981]: Unable to initgroups. Error was Operation not permitted"
>
>The "man setgroups" will explain further about the NGROUPS_MAX limit.
>
>
>- Another consideration when migrating is the ACL. Samba/Winbind is not
>able to "see" the Builtin Groups in WinNT, and can because of that not set
>the ACL (setfacl) when e.g. the Administrators is the owner of a file. To
>try to solve this "Builtin"-problem we run a script before migrating data
>that changed any member in the Builtin group to a more useful name; we used
>the ResourceKit command "subinacl".
> We try to use Robocopy for the data-transfer with these options "robocopy "j:" "f:\pilot\sthv0016\cdcs" /copy:datsou /mir /r:0 /ns /nc /nfl
>/ndl /log:f:\pilot\roblog_xxx.txt /tee",
>the mirror (mir) function in robocopy seems not to work when copying to
>Linux though.
>
>
>- Another issue is the Local Group handling.
>
>For our company it seems that the "NGROUPS_MAX 32" is a show stopper for
>the moment, maybe you will have any experience in this matter.
>
>
>Best Regards Bertil Starck
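
An added example, not part of the original posts and not Samba code: a small C program that checks, for each account name given on the command line, whether the group list NSS returns (the list `initgroups()` tries to install) fits within the limit the running system reports through `sysconf(_SC_NGROUPS_MAX)`. The function names `count_user_groups` and `fits_group_limit` are hypothetical.

```c
#define _DEFAULT_SOURCE            /* exposes getgrouplist() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Number of groups (primary group included) that NSS returns for `user`,
 * i.e. the list initgroups() would try to install. -1 if unresolvable. */
int count_user_groups(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    int n = 64;                    /* first guess, grown once if too small */
    gid_t *buf = malloc((size_t)n * sizeof *buf);
    if (buf == NULL)
        return -1;
    if (getgrouplist(user, pw->pw_gid, buf, &n) == -1) {
        /* n now holds the size actually needed */
        gid_t *bigger = realloc(buf, (size_t)n * sizeof *buf);
        if (bigger == NULL) { free(buf); return -1; }
        buf = bigger;
        if (getgrouplist(user, pw->pw_gid, buf, &n) == -1) { free(buf); return -1; }
    }
    free(buf);
    return n;
}

/* 1 if a list of `count` groups fits under `limit`, 0 otherwise. */
int fits_group_limit(int count, long limit)
{
    return count >= 0 && (long)count <= limit;
}

int main(int argc, char **argv)
{
    long limit = sysconf(_SC_NGROUPS_MAX);   /* limit of the running system */
    for (int i = 1; i < argc; i++) {
        int n = count_user_groups(argv[i]);
        if (n < 0)
            printf("%-24s cannot resolve account\n", argv[i]);
        else
            printf("%-24s %4d groups (limit %ld) %s\n", argv[i], n, limit,
                   fits_group_limit(n, limit) ? "ok" : "OVER LIMIT");
    }
    return 0;
}
```

Run it on the Samba host itself, so that names resolve through winbind and the limit is that of the running kernel.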