I'm trying to migrate my NT4 PDC to samba. So I currently have a samba
3.0.14a serveur with ldap backend as running BDC. I successfully migrated
SAM database with net
vampire command. However when I tried to migrate shares (or files... same
error) with this command :
net rpc share migrate shares test -S 'SERVEURNT4' --acls -v -U
Administrateur%secret
I get this error :
migrating: [test], path: F:\test, comment: , including share-ACLs
DACL
ACL Num ACEs: 2 revision: 2
---
ACE
type: ACCESS ALLOWED (0) flags: 0
Specific bits: 0x1ff
Permissions: 0x1f01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS
WRITE_DAC_ACCESS READ_CONTROL_ACCESS DELETE_ACCESS
SID: S-1-5-21-977737114-1106802783-817656539-500
ACE
type: ACCESS ALLOWED (0) flags: 0
Specific bits: 0x1ff
Permissions: 0x1f01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS
WRITE_DAC_ACCESS READ_CONTROL_ACCESS DELETE_ACCESS
SID: S-1-1-0
cannot add share: WERR_ACCESS_DENIED
Here my samba configuration file and ldap structure :
smb.conf
[global]
passdb backend = ldapsam:ldap://localhost, guest
ldap admin dn = "cn=Manager,dc=masociete,dc=fr"
ldap ssl = off
ldap delete dn = no
ldap user suffix = ou=Users
ldap machine suffix = ou=Machines
ldap group suffix = ou=Groups
ldap suffix = dc=masociete,dc=fr
workgroup = masociete
netbios name = SAMBAMIGR
encrypt passwords = yes
os level = 0
domain logons = Yes
domain master = No
local master = No
; Utilis? lors du net vampire
add machine script = /usr/sbin/smbldap-useradd -g sambamachines -w
-c "Samba Machine" -d /dev/null -s /bin/false '%u'
add user script = /usr/sbin/smbldap-useradd -g sambausers -c "Samba
User" -d /home/%U -s /bin/false '%u'
add group script = /usr/sbin/smbldap-groupadd '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
security = user
log file = /var/log/samba/%m.log
log level = 10
# eviter les probleme de fichier ayant pour seul proprietaire un group
force unknown acl user = yes
# ldap idmap suffix = ou=Users
nt acl support = yes
inherit acls = yes
[homes]
comment = Home Directories
path = /home/%U
read only = No
create mask = 0700
directory mask = 0700
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
browseable = No
share modes = No
base.ldif
dn: dc=masociete,dc=fr
objectClass: dcObject
objectClass: organization
o: masociete
dc: masociete
# Conteneur d'utilisateurs Samba
dn: ou=Users,dc=masociete,dc=fr
objectclass: top
objectclass: organizationalUnit
ou: Users
# Conteneur de groupes Samba
dn: ou=Groups,dc=masociete,dc=fr
objectclass: top
objectclass: organizationalUnit
ou: Groups
# Conteneur de machines Samba
dn: ou=Machines,dc=masociete,dc=fr
objectclass: top
objectclass: organizationalUnit
ou: Machines
Thanks for helping.
