samba - Feb 2011 - help migrating from file server to NAS w/ Active Directory

hello,

I'm having a problem I hope will be easy for someone to explain to me 
how to fix. I need to migrate from an old server to a new Cisco Smart 
Storage NAS, which runs some flavor of linux and is Active Directory 
aware. Using something like Robocopy from the AD server, or rsync or tar 
from the file server does not preserve user/group identities or 
directory date stamps (maybe rsync tar preserves the directory date 
stamps but robocopy doesn't). The owner defaults to the NAS admin and 
admin group.

There also seems to be a problem with the windows security permissions 
on the directories/files - under Windows Explorer the permissions are 
listed as "special" and the admins can't change them.

I set up a file server years ago on CentOs using Samba to serve files to 
Windows clients. Since then we integrated Active Directory and I had a 
windows whiz fix up my Samba config to use AD authentication. So the 
server doesn't really have linux users/groups anymore per se. To add a 
new user I add them via the AD server then map them in the smb.conf file 
- create manually a home directory for them and chown it to their 
username. (not sure how that works since there is no linux user by those 
usernames). Here is an example:
> [jimd]
>         path = /home/CN/jimd
>         valid users = CN+jimd
>         writeable = Yes
>         create mask = 0777
>         directory mask = 0777
>         browseable = no 
So the AD user is CN+jimd. One the file server though, the username that 
shows up on any file created by CN+jimd is actually owned by jimd (no 
CN+). On the NAS, any file I create with that user is owned by CN+jimd. 
Not sure if that is part of my problem or not.

Groups are similar.
> [Engineering]
>         writeable = Yes
>         path = /home/data/engineering
>         force group = CN+sengineer
> ;       guest ok = Yes
>         browseable = Yes
>         create mask = 0770
>         directory mask = 0770
>         valid users = @CN+sengineer 
So the thought was to somehow map files/shares on the AD server and move 
them over in that environment, but having troubles mentioned above - 
preserving directory time stamps and owner IDs.  Seems like I'm missing 
something really simple. The NAS does have samba and automatically 
writes a smb.conf file, but I don't believe there is a way to manually 
edit it other than GUI.

Let me know if you need more info to help.. appreciate the read!
cheers, JD

-- 
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604

http://www.nomealaska.org

Extra info:
  smbd --version
Version 3.0.33-0.19.el4_8.3

Win Server 2003-r2

thx,  JD

On 2/16/2011 10:49 AM, Jim Dory wrote:
>  hello,
>
> I'm having a problem I hope will be easy for someone to explain to me 
> how to fix. I need to migrate from an old server to a new Cisco Smart 
> Storage NAS, which runs some flavor of linux and is Active Directory 
> aware. Using something like Robocopy from the AD server, or rsync or 
> tar from the file server does not preserve user/group identities or 
> directory date stamps (maybe rsync tar preserves the directory date 
> stamps but robocopy doesn't). The owner defaults to the NAS admin and 
> admin group.
>
> There also seems to be a problem with the windows security permissions 
> on the directories/files - under Windows Explorer the permissions are 
> listed as "special" and the admins can't change them.
>
> I set up a file server years ago on CentOs using Samba to serve files 
> to Windows clients. Since then we integrated Active Directory and I 
> had a windows whiz fix up my Samba config to use AD authentication. So 
> the server doesn't really have linux users/groups anymore per se. To 
> add a new user I add them via the AD server then map them in the 
> smb.conf file - create manually a home directory for them and chown it 
> to their username. (not sure how that works since there is no linux 
> user by those usernames). Here is an example:
>> [jimd]
>>         path = /home/CN/jimd
>>         valid users = CN+jimd
>>         writeable = Yes
>>         create mask = 0777
>>         directory mask = 0777
>>         browseable = no 
>
> So the AD user is CN+jimd. One the file server though, the username 
> that shows up on any file created by CN+jimd is actually owned by jimd 
> (no CN+). On the NAS, any file I create with that user is owned by 
> CN+jimd. Not sure if that is part of my problem or not.
>
> Groups are similar.
>> [Engineering]
>>         writeable = Yes
>>         path = /home/data/engineering
>>         force group = CN+sengineer
>> ;       guest ok = Yes
>>         browseable = Yes
>>         create mask = 0770
>>         directory mask = 0770
>>         valid users = @CN+sengineer 
>
> So the thought was to somehow map files/shares on the AD server and 
> move them over in that environment, but having troubles mentioned 
> above - preserving directory time stamps and owner IDs.  Seems like 
> I'm missing something really simple. The NAS does have samba and 
> automatically writes a smb.conf file, but I don't believe there is a 
> way to manually edit it other than GUI.
>
> Let me know if you need more info to help.. appreciate the read!
> cheers, JD
>
-- 
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604

http://www.nomealaska.org

To boil this down a bit, maybe my problem is that my domain users on 
the old server are for instance jimd, and on the new NAS they show up as 
Domain+jimd. Or in this example, CN+jimd. So if I try to move files to 
the NAS, it doesn't recognize those users (without the prefix CN+) as 
users. The getent command on the old server has users uids in the 10,000 
range. On the NAS, they are in the 30,000 range, even though it got the 
users from the AD server. So perhaps I need a way to get things to match up?

thx, Jim



On 2/16/2011 10:49 AM, Jim Dory wrote:
>  hello,
>
> I'm having a problem I hope will be easy for someone to explain to me 
> how to fix. I need to migrate from an old server to a new Cisco Smart 
> Storage NAS, which runs some flavor of linux and is Active Directory 
> aware. Using something like Robocopy from the AD server, or rsync or 
> tar from the file server does not preserve user/group identities or 
> directory date stamps (maybe rsync tar preserves the directory date 
> stamps but robocopy doesn't). The owner defaults to the NAS admin and 
> admin group.
>
> There also seems to be a problem with the windows security permissions 
> on the directories/files - under Windows Explorer the permissions are 
> listed as "special" and the admins can't change them.
>
> I set up a file server years ago on CentOs using Samba to serve files 
> to Windows clients. Since then we integrated Active Directory and I 
> had a windows whiz fix up my Samba config to use AD authentication. So 
> the server doesn't really have linux users/groups anymore per se. To 
> add a new user I add them via the AD server then map them in the 
> smb.conf file - create manually a home directory for them and chown it 
> to their username. (not sure how that works since there is no linux 
> user by those usernames). Here is an example:
>> [jimd]
>>         path = /home/CN/jimd
>>         valid users = CN+jimd
>>         writeable = Yes
>>         create mask = 0777
>>         directory mask = 0777
>>         browseable = no 
>
> So the AD user is CN+jimd. One the file server though, the username 
> that shows up on any file created by CN+jimd is actually owned by jimd 
> (no CN+). On the NAS, any file I create with that user is owned by 
> CN+jimd. Not sure if that is part of my problem or not.
>
> Groups are similar.
>> [Engineering]
>>         writeable = Yes
>>         path = /home/data/engineering
>>         force group = CN+sengineer
>> ;       guest ok = Yes
>>         browseable = Yes
>>         create mask = 0770
>>         directory mask = 0770
>>         valid users = @CN+sengineer 
>
> So the thought was to somehow map files/shares on the AD server and 
> move them over in that environment, but having troubles mentioned 
> above - preserving directory time stamps and owner IDs.  Seems like 
> I'm missing something really simple. The NAS does have samba and 
> automatically writes a smb.conf file, but I don't believe there is a 
> way to manually edit it other than GUI.
>
> Let me know if you need more info to help.. appreciate the read!
> cheers, JD
>
-- 
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604

http://www.nomealaska.org