Andreas Hauffe
2015-Feb-03 12:29 UTC
[Samba] File-Server update from Samba 3.6 to Samba 4.1
Hello, I'm preparing a update from a heterogen environment with the services OpenLDAP, Kerberos, Bind9, Samba 3.6 (NT-Domain), NFS4 to a Samba4 AD. I'm setting up a test environment with a separate DC and a file server. There are some questions about the file server which is a debian file server with some TB of data right now. The first question is, what to do with the existing TB of data (user homes, global exports, a.s.o.) only with POXIS ACLs (owner,group,others). Do I have to set the more complex Windows ACLs for every folder or file to get at least the same access rights as before? The second question is, if it is possible to export the same file system/folders as an NFS4 export and a Samba4 share or if there are problems concering the ACLs? -- Viele Gr??e Andreas Hauffe
Marc Muehlfeld
2015-Feb-03 14:15 UTC
[Samba] File-Server update from Samba 3.6 to Samba 4.1
Hello Andreas, Am 03.02.2015 um 13:29 schrieb Andreas Hauffe:> The first question is, what to do with the existing TB of data (user homes, global exports, > a.s.o.) only with POXIS ACLs (owner,group,others). Do I have to set the more complex > Windows ACLs for every folder or file to get at least the same access rights as before?It's not recommended to use the DC as a file server. Put your data on a member server. If you currently have all data on your PDC, you could configure this machine as a member server after you did the classicupgrade (on a different host). The AD DC, doesn't have to be a very powerful machine, if you don't have thousands of users flooding you with authentication. :-) You can use Posix ACLs, like ever in the past. https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_POSIX_ACLs Where do you have your IDs stored atm? In openLDAP? Then it's easy. If you do the classicupgrade, the process moves the IDs to AD. You can configure your member servers to use RFC2307 idmap backend. Then all files are owned by the same users/groups.> The second question is, if it is possible to export the same file system/folders as an > NFS4 export and a Samba4 share or if there are problems concering the ACLs?Sorry. Never tried this. But surely someone else can answer that. :-) Regards, Marc
Andreas Hauffe
2015-Feb-03 14:58 UTC
[Samba] File-Server update from Samba 3.6 to Samba 4.1
Hello Marc, at first thanks! Am Dienstag, 3. Februar 2015, 15:15:47 schrieb Marc Muehlfeld:> Hello Andreas, > > Am 03.02.2015 um 13:29 schrieb Andreas Hauffe: > > The first question is, what to do with the existing TB of data (user > > homes, global exports, a.s.o.) only with POXIS ACLs (owner,group,others). > > Do I have to set the more complex Windows ACLs for every folder or file > > to get at least the same access rights as before? > It's not recommended to use the DC as a file server. Put your data on a > member server. If you currently have all data on your PDC, you could > configure this machine as a member server after you did the > classicupgrade (on a different host). The AD DC, doesn't have to be a > very powerful machine, if you don't have thousands of users flooding you > with authentication. :-)Sorry! Bad description from my side. The DC is an separate machine even im my test environment and I'm going to configure the "old" server as a member server as file server.> You can use Posix ACLs, like ever in the past. > https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_POSIX_ > ACLs > > Where do you have your IDs stored atm? In openLDAP? Then it's easy. If > you do the classicupgrade, the process moves the IDs to AD. You can > configure your member servers to use RFC2307 idmap backend. Then all > files are owned by the same users/groups.Thanks for the hint. I read about this.> > > The second question is, if it is possible to export the same file > > system/folders as an NFS4 export and a Samba4 share or if there are > > problems concering the ACLs? > Sorry. Never tried this. But surely someone else can answer that. :-) >No problem!> > Regards, > Marc-- Viele Gr??e Andreas Hauffe