Hello Lorenzo,

please don't hijack foreign threads. ;-)

On 19.05.2014 19:17, Lorenzo Faleschini wrote:
> In my mind I figured out that what I want to achieve is done by:
> - adding Samba4 machine to the domain as domain controller
> - move all FSMO roles to the Samba4 DC (through win RSAT)
> - manually rsync SysVol (win2003-->Samba4) to get all the last changes
> - demote the win2003 DC to a member
>
> is this safe to do?

This would be the usual way for such a migration. But you can't use rsync, because it would not replicate the Windows ACLs to the Samba share. I would suggest to just copy the SysVol content manually, run "samba-tool ntacl sysvolreset" and then set the ACLs manually (if you don't want them to be at their default). And if you demote the Win DC afterwards anyway, then you don't have the requirement for Win-Samba replication.

> Is it better to just add Samba4 and scheduled rsync and only in the
> case of win2003 failure go through the FSMO moving and its demotion
> to member?

See my rsync notes above. If you keep the Windows DC, then you have to get a way to synchronize the SysVol content including ACLs, until someone starts implementing SysVol replication in Samba. But currently there's no one working on that.

Regards,
Marc

Hello Lorenzo,

On 19.05.2014 20:27, Lorenzo Faleschini wrote:
> you mean that running "samba-tool ntacl sysvolreset" will copy the
> sysvol from the primary dc or that is a command to run after the cp?

No. You copy the SysVol content from your Win DC manually (cp, or whatever) to the SysVol share of your Samba DC. Then you do the sysvolreset on the Samba DC, so that all ACLs on the SysVol share are set to their defaults. If your Windows DC had other ACLs on its SysVol, you can add/change them afterwards. But the sysvolreset makes sure that everything that is needed to work will be there.

> this wiki info is valid only for a 100% Samba4 environment right?
> https://wiki.samba.org/index.php/SysVol_Replication

Yes.

> so, just to confirm: I can't push SysVol ACL changes from windows to
> linux using a tool like Cygwin rsync?

You can. But it won't sync the ACLs.

Regards,
Marc
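
The copy-then-reset order described in this thread, as an added shell sketch that is not part of the original messages and not Samba project code. The function names, the SRC/DST arguments and the SAMBA_TOOL override are assumptions for illustration, and the closing "samba-tool ntacl sysvolcheck" step is an addition that the thread does not mention.

```shell
#!/bin/sh
# Added example, not from the thread. Names below are hypothetical.
# SAMBA_TOOL can be overridden to dry-run the flow without a Samba DC.
SAMBA_TOOL="${SAMBA_TOOL:-samba-tool}"

# Print the relative path of every file under directory $1, sorted.
list_files() {
    (cd "$1" && find . -type f | LC_ALL=C sort)
}

# migrate_sysvol SRC DST
#   SRC: SysVol content taken from the Windows DC, reachable locally.
#   DST: the sysvol directory of the Samba DC (site-specific, so it is
#        a parameter; it must be the path Samba itself is configured with,
#        because sysvolreset works on that path, not on DST).
# Run as root on the Samba DC.
migrate_sysvol() {
    src=$1
    dst=$2
    [ -d "$src" ] || { echo "source not found: $src" >&2; return 1; }
    [ -d "$dst" ] || { echo "target not found: $dst" >&2; return 1; }

    # Step 1: plain copy. This moves file data only, no Windows ACLs.
    cp -R "$src"/. "$dst"/ || return 1

    # Stop before touching ACLs if any source file did not arrive.
    missing=$(list_files "$src" | while IFS= read -r f; do
        [ -f "$dst/$f" ] || printf '%s\n' "$f"
    done)
    if [ -n "$missing" ]; then
        echo "not copied:" >&2
        printf '%s\n' "$missing" >&2
        return 1
    fi

    # Step 2: set every SysVol ACL to its default.
    "$SAMBA_TOOL" ntacl sysvolreset || return 1

    # Step 3: let Samba confirm the result. Custom ACLs the Windows DC
    # carried have to be re-applied by hand after this point.
    "$SAMBA_TOOL" ntacl sysvolcheck || return 1
}
```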