Hi, I wonder if there are any tools to simplify transition from TDB to RID on existing system in production. Long story short, by mistake one of our servers were configured with default idmap set to a range: idmap config * : backend = tdb idmap config * : range = 3000-7999 The server had joined domain and everything works just fine however I may need to fix user/group ids and make it like that: idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config MYDOMAIN : backend = rid idmap config MYDOMAIN : range = 8000-999999999 Existing users and groups are still in TDB so RID does not have any effect unless uncached user used. I suspect I may need to do some scripting with tdbtool and getfacl/setfacl to be able to migrate existing filesystem to new ids. Using robocopy may be expensive to pull and push files because filesystem is more than 35Tb+ ... Anyone had any good experience with that? Cheers, Oleg
On Fri, 27 Oct 2017 15:17:56 +0200 Oleg Cherkasov via samba <samba at lists.samba.org> wrote:> Hi, > > I wonder if there are any tools to simplify transition from TDB to > RID on existing system in production. Long story short, by mistake > one of our servers were configured with default idmap set to a range: > > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > > The server had joined domain and everything works just fine however I > may need to fix user/group ids and make it like that: > > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > idmap config MYDOMAIN : backend = rid > idmap config MYDOMAIN : range = 8000-999999999 > > Existing users and groups are still in TDB so RID does not have any > effect unless uncached user used. > > I suspect I may need to do some scripting with tdbtool and > getfacl/setfacl to be able to migrate existing filesystem to new ids. > Using robocopy may be expensive to pull and push files because > filesystem is more than 35Tb+ ... > > Anyone had any good experience with that? > > > Cheers, > Oleg >From what I understand, your domain users and groups are being allocated IDs in the 3000-7999 range, if this is so, it will probably be be easier to script around 'getent passwd' and 'getent group'. Rowland
On 27. okt. 2017 16:46, Rowland Penny via samba wrote:> On Fri, 27 Oct 2017 15:17:56 +0200 > Oleg Cherkasov via samba <samba at lists.samba.org> wrote: > >> Hi, >> >> I wonder if there are any tools to simplify transition from TDB to >> RID on existing system in production. Long story short, by mistake >> one of our servers were configured with default idmap set to a range: >> >> idmap config * : backend = tdb >> idmap config * : range = 3000-7999 >> >> The server had joined domain and everything works just fine however I >> may need to fix user/group ids and make it like that: >> >> idmap config * : backend = tdb >> idmap config * : range = 3000-7999 >> idmap config MYDOMAIN : backend = rid >> idmap config MYDOMAIN : range = 8000-999999999 >> >> Existing users and groups are still in TDB so RID does not have any >> effect unless uncached user used. >> >> I suspect I may need to do some scripting with tdbtool and >> getfacl/setfacl to be able to migrate existing filesystem to new ids. >> Using robocopy may be expensive to pull and push files because >> filesystem is more than 35Tb+ ... >> > > From what I understand, your domain users and groups are being > allocated IDs in the 3000-7999 range, if this is so, it will probably > be be easier to script around 'getent passwd' and 'getent group'.Correct, some users and groups are in 3000-7999 so would have to translate and setfacl to range 8000-999999999.