samba - Oct 2005 - Migration to Samba using external LDAP server

Hello,

 

we are in the process of implementing a samba server running 3.0.14 and an
external LDAP server running Microsoft ADAM. We have it also running with
Open LDAP for UNIX under Redhat. It works fine for every user account that
accesses the samba instance. The user mapping is done and all works fine.

 

Now we have the major problem of the migration and I would need some
guidance here please.

 

The external LDAP server does the mapping from the UID/GID to the SID from
MS every time a new user accesses the samba instance. But now we want to
consolidate multiple servers (from the same domain) to this samba instance.
We have about ~2.000 users in our domain and we can not let all of them
contact the samba server to create a user mapping.

 

The current situation is that we have to copy about 1.2TB of data to this
samba server maintaining the user permissions. We are used to tools like
Robocopy or Xcopy to migrate data to windows servers but in this case we are
not sure what will happen with the permissions of the files if we use such
tools with our samba server. 

 

So my questions would be:

 

-          Are there any procedure/best practices how to migrate to samba
using external LDAP server?

-          How can we create the appropriate mapping on the external LDAP
server to maintain the permissions?

 

Any help would be appreciated and please do not reply with emails like
"don't use samba, use NetApp" what happened in the past. We are
not
interested in any other expensive NAS solution.

 

Thanks in advance.

 

Best regards,

 

Pseudomizer

Hello,

no one can help here? No hint how to do this? 

Please help. Thanks in advance.

Best regards,

Pseudomizer

-----Urspr?ngliche Nachricht-----
Von: samba-bounces+pseudomizer=lovetalks.de@lists.samba.org
[mailto:samba-bounces+pseudomizer=lovetalks.de@lists.samba.org] Im Auftrag
von Pseudomizer
Gesendet: Freitag, 21. Oktober 2005 17:27
An: samba@lists.samba.org
Betreff: [Samba] Migration to Samba using external LDAP server
Wichtigkeit: Hoch

Hello,

 

we are in the process of implementing a samba server running 3.0.14 and an
external LDAP server running Microsoft ADAM. We have it also running with
Open LDAP for UNIX under Redhat. It works fine for every user account that
accesses the samba instance. The user mapping is done and all works fine.

 

Now we have the major problem of the migration and I would need some
guidance here please.

 

The external LDAP server does the mapping from the UID/GID to the SID from
MS every time a new user accesses the samba instance. But now we want to
consolidate multiple servers (from the same domain) to this samba instance.
We have about ~2.000 users in our domain and we can not let all of them
contact the samba server to create a user mapping.

 

The current situation is that we have to copy about 1.2TB of data to this
samba server maintaining the user permissions. We are used to tools like
Robocopy or Xcopy to migrate data to windows servers but in this case we are
not sure what will happen with the permissions of the files if we use such
tools with our samba server. 

 

So my questions would be:

 

-          Are there any procedure/best practices how to migrate to samba
using external LDAP server?

-          How can we create the appropriate mapping on the external LDAP
server to maintain the permissions?

 

Any help would be appreciated and please do not reply with emails like
"don't use samba, use NetApp" what happened in the past. We are
not
interested in any other expensive NAS solution.

 

Thanks in advance.

 

Best regards,

 

Pseudomizer

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

On Monday 24 October 2005 11:14, Pseudomizer wrote:
> Hello,
>
> no one can help here? No hint how to do this?
>
> Please help. Thanks in advance.
If free support and help do not solve your problem you could try commercial 
support. Information is available from the Samba web site:

http://www.samba.org/samba/support/


- John T.

Thank you Matthew for this information but you told me what we have already
in place. So every tool you mentioned like rsync, tar, robocopy, xcopy is
already in place to copy the files to maintain the permissions.

The question will be what happens after the copy process? The files are now
copied to the new destination folder and now I have files there where the
owner of the file will be the windows user account who copied the file from
A to B. Assuming that there will be additional entries in the ACLs an
inherit of the permissions will not help here. The files will have entries
associated with specific SIDs.

Will Samba be able to create the mapping to these "old permissions"
when one
of the windows users try to access his files or other files?

Regards,

Pseudomizer

-----Urspr?ngliche Nachricht-----
Von: samba-bounces+pseudomizer=lovetalks.de@lists.samba.org
[mailto:samba-bounces+pseudomizer=lovetalks.de@lists.samba.org] Im Auftrag
von Matthew Easton
Gesendet: Dienstag, 25. Oktober 2005 03:54
An: Pseudomizer
Cc: samba@lists.samba.org
Betreff: Re: AW: AW: [Samba] Migration to Samba using external
LDAPserver(CLARIFICATION NEEDED)


On Oct 24, 2005, at 1:43 PM, Pseudomizer wrote:
> If we would copy the data with simple xcopy or robocopy using e.g.  
> an admin
> account from the domain, then the files which will be created have  
> which
> owner? Will the permissions still remain?
Other poster mentioned rsync.  That or tar can preserve permissions  
as they are in the original file. You can run them over SSH to  
transfer files to another server.

Not clear to me from your post whether you will need to run a tool on  
windows to move the data around.  If so, there is at least the  
windows ssh client called putty
and a win32 port of tar http://gnuwin32.sourceforge.net/packages/tar.htm
but I suppose that once you tar up the files, you can simply drag  
them into a share on the new server and untar them with the -p flag.

Aha.  Now I see you may have some issue mapping the old windows user  
to the new linux user uid. You can instead force user and group by  
manipulating the attributes of the enclosing directory.
  -- see the earlier thread "[Samba] See inherit user, need inherit  
group"
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

If you provide Samba with the ACLs during the copy -- and if the userid
mapping is working -- the permissions and such will be preserved

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21281810.html
describes a list of tools that will copy with ACL preservation



On 10/25/2005 2:50 PM, Pseudomizer wrote:
> Thank you Matthew for this information but you told me what we have already
> in place. So every tool you mentioned like rsync, tar, robocopy, xcopy is
> already in place to copy the files to maintain the permissions.
> 
> The question will be what happens after the copy process? The files are now
> copied to the new destination folder and now I have files there where the
> owner of the file will be the windows user account who copied the file from
> A to B. Assuming that there will be additional entries in the ACLs an
> inherit of the permissions will not help here. The files will have entries
> associated with specific SIDs.
> 
> Will Samba be able to create the mapping to these "old
permissions" when one
> of the windows users try to access his files or other files?
> 
> Regards,
> 
> Pseudomizer
> 
> -----Urspr?ngliche Nachricht-----
> Von: samba-bounces+pseudomizer=lovetalks.de@lists.samba.org
> [mailto:samba-bounces+pseudomizer=lovetalks.de@lists.samba.org] Im Auftrag
> von Matthew Easton
> Gesendet: Dienstag, 25. Oktober 2005 03:54
> An: Pseudomizer
> Cc: samba@lists.samba.org
> Betreff: Re: AW: AW: [Samba] Migration to Samba using external
> LDAPserver(CLARIFICATION NEEDED)
> 
> 
> On Oct 24, 2005, at 1:43 PM, Pseudomizer wrote:
> 
> 
>>If we would copy the data with simple xcopy or robocopy using e.g.  
>>an admin
>>account from the domain, then the files which will be created have  
>>which
>>owner? Will the permissions still remain?
> 
> 
> Other poster mentioned rsync.  That or tar can preserve permissions  
> as they are in the original file. You can run them over SSH to  
> transfer files to another server.
> 
> Not clear to me from your post whether you will need to run a tool on  
> windows to move the data around.  If so, there is at least the  
> windows ssh client called putty
> and a win32 port of tar http://gnuwin32.sourceforge.net/packages/tar.htm
> but I suppose that once you tar up the files, you can simply drag  
> them into a share on the new server and untar them with the -p flag.
> 
> Aha.  Now I see you may have some issue mapping the old windows user  
> to the new linux user uid. You can instead force user and group by  
> manipulating the attributes of the enclosing directory.
>   -- see the earlier thread "[Samba] See inherit user, need inherit  
> group"
-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/

On Oct 26, 2005, at 6:53 AM, Michael Gasch wrote:
>> # a similar command exists that will set the user id of a directory
>>     chmod u+s $directory
>>
> not at all :)
> you have to use force user or inherit owner via samba
Oops. of course you are right.
Funny how I distinctly remember doing this, and it working.
... apparently in the same universe where cars generate their own fuel.

The bit about sgid still stands, however.