How to migrating data from one samba server with "old" access config to new server with windows ACL?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How to migrating data from one samba server with "old" access config to new server with windows ACL?

Samba - General mailing list
Hi,

I try to find a solution for migrating files from a samba server with share access configure at share level in the smb.conf to a new fileserver with Windows ACL configured shares.

I did a rsync from the old share to the new server and tried to set the ACL on windows with the "Computer Manager“. But I get an error when applying the rights that the enumerating of objects in the container fails.

The new server is a samba 4.7.x

On other shares which are filled from scratch (no data migration from an old server) are working fine and use the ACL I add.

Any suggestion hints and tricks are welcome.

        Regards . Götz


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: How to migrating data from one samba server with "old" access config to new server with windows ACL?

Samba - General mailing list
Hi Götz,

> I try to find a solution for migrating files from a samba server with share access configure at share level in the smb.conf to a new fileserver with Windows ACL configured shares.
>
> I did a rsync from the old share to the new server and tried to set the ACL on windows with the "Computer Manager“. But I get an error when applying the rights that the enumerating of objects in the container fails.

Perhaps you should try to remove all old ACL first on linux side, and
then reset them from Windows side.
  setfacl -R -b /home/myshare
  chown -R administrator:"domain users" /home/myshare
  find /home/myshare -type d -exec chmod 700 {} \;
  find /home/myshare -type f -exec chmod 600 {} \;

It's probably overkill, but it should make it work for you.

samba-tool ntacl get/set --as-sddl is currently buggy on member servers
(it works properly on domain controller though). It would allow to
script real Windows ACL the windows way directly on your fileserver! I
now SDDL is ugly, but it is the only way to do it right :-)

Cheers,

Denis

> The new server is a samba 4.7.x
>
> On other shares which are filled from scratch (no data migration from an old server) are working fine and use the ACL I add.
>
> Any suggestion hints and tricks are welcome.
>
> Regards . Götz
>
>

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba