Jim Dory
2011-Feb-16 19:49 UTC
[Samba] help migrating from file server to NAS w/ Active Directory
hello,

I'm having a problem I hope will be easy for someone to explain to me how to fix. I need to migrate from an old server to a new Cisco Smart Storage NAS, which runs some flavor of linux and is Active Directory aware. Using something like Robocopy from the AD server, or rsync or tar from the file server does not preserve user/group identities or directory date stamps (maybe rsync tar preserves the directory date stamps but robocopy doesn't). The owner defaults to the NAS admin and admin group.

There also seems to be a problem with the windows security permissions on the directories/files - under Windows Explorer the permissions are listed as "special" and the admins can't change them.

I set up a file server years ago on CentOS using Samba to serve files to Windows clients. Since then we integrated Active Directory and I had a windows whiz fix up my Samba config to use AD authentication. So the server doesn't really have linux users/groups anymore per se. To add a new user I add them via the AD server then map them in the smb.conf file - create manually a home directory for them and chown it to their username. (not sure how that works since there is no linux user by those usernames). Here is an example:

> [jimd]
> path = /home/CN/jimd
> valid users = CN+jimd
> writeable = Yes
> create mask = 0777
> directory mask = 0777
> browseable = no

So the AD user is CN+jimd. On the file server though, the username that shows up on any file created by CN+jimd is actually owned by jimd (no CN+). On the NAS, any file I create with that user is owned by CN+jimd. Not sure if that is part of my problem or not.

Groups are similar.

> [Engineering]
> writeable = Yes
> path = /home/data/engineering
> force group = CN+sengineer
> ; guest ok = Yes
> browseable = Yes
> create mask = 0770
> directory mask = 0770
> valid users = @CN+sengineer

So the thought was to somehow map files/shares on the AD server and move them over in that environment, but having troubles mentioned above - preserving directory time stamps and owner IDs. Seems like I'm missing something really simple. The NAS does have samba and automatically writes a smb.conf file, but I don't believe there is a way to manually edit it other than GUI.

Let me know if you need more info to help.. appreciate the read!

cheers, JD

--
Jim Dory
Engineering
City of Nome
PO Box 281
102 Division St.
Nome, AK 99762
907.443.6604
http://www.nomealaska.org
Jim Dory
2011-Feb-16 21:01 UTC
[Samba] help migrating from file server to NAS w/ Active Directory
Extra info:

smbd --version
Version 3.0.33-0.19.el4_8.3

Win Server 2003-r2

thx, JD
Jim Dory
2011-Feb-17 01:52 UTC
[Samba] help migrating from file server to NAS w/ Active Directory
To boil this down a bit, maybe my problem is that my domain users on the old server are for instance jimd, and on the new NAS they show up as Domain+jimd. Or in this example, CN+jimd. So if I try to move files to the NAS, it doesn't recognize those users (without the prefix CN+) as users.

The getent command on the old server has users uids in the 10,000 range. On the NAS, they are in the 30,000 range, even though it got the users from the AD server. So perhaps I need a way to get things to match up?

thx, Jim
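
The mismatch described in the message above (short names with uids in the 10,000 range on the old server, CN+-prefixed names in the 30,000 range on the NAS) can be made explicit before any copy. This is an added example, not part of the original posts: both getent-style listings are constructed, and the function names are hypothetical.

```python
# Added example. Both listings are constructed `getent passwd` output,
# not data from the thread; "CN+" is the domain prefix the thread shows.
OLD_PASSWD = """\
jimd:*:10001:10000:Jim:/home/CN/jimd:/bin/false
alice:*:10002:10000:Alice:/home/CN/alice:/bin/false
olduser:*:10003:10000:Departed:/home/CN/olduser:/bin/false
"""
NEW_PASSWD = """\
admin:x:10002:100:NAS admin:/root:/bin/sh
CN+jimd:*:30001:30000:Jim:/home/CN/jimd:/bin/false
CN+alice:*:30002:30000:Alice:/home/CN/alice:/bin/false
"""

def parse_passwd(text):
    """Return {login_name: uid} from passwd-format lines, skipping malformed ones."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def build_uid_map(old_text, new_text, prefix="CN+"):
    """Match old short names to prefixed names on the new host.

    Returns (mapping, unmapped, collisions):
      mapping    {old_uid: new_uid} for accounts present on both sides
      unmapped   old names with no prefixed counterpart
      collisions (old_uid, old_name, new_name) where the old numeric uid
                 already belongs to a different account on the new host
    """
    old, new = parse_passwd(old_text), parse_passwd(new_text)
    # AD account names are case-insensitive, so compare lower-cased.
    new_domain = {n[len(prefix):].lower(): u for n, u in new.items()
                  if n.startswith(prefix)}
    new_by_uid = {u: n for n, u in new.items()}
    mapping, unmapped, collisions = {}, [], []
    for name, uid in old.items():
        if name.lower() in new_domain:
            mapping[uid] = new_domain[name.lower()]
        else:
            unmapped.append(name)
        owner = new_by_uid.get(uid)
        if owner is not None and owner.lower() != (prefix + name).lower():
            collisions.append((uid, name, owner))
    return mapping, unmapped, collisions

def usermap_pairs(mapping):
    """Render the mapping as comma-separated old_uid:new_uid pairs."""
    return ",".join(f"{o}:{n}" for o, n in sorted(mapping.items()))
```

The `old_uid:new_uid` pairs are in the form rsync's `--usermap` option accepts (rsync 3.1.0 and later); the collision list shows where a copy that preserves numeric IDs would hand files to a different account on the NAS.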