Hopefully very easy question to answer. I am trying to migrate data of of a samba server that is using winbind joined to a windows domain to another box. What samba or winbind files do I need so that this will resolve to names rather than UID and GID. For example........ drwxr-x--- 1049 10926 10005 36864 May 15 11:46 Student
Thanks
On Thu, 2009-05-21 at 14:16 -0400, Bo Lynch wrote:
Hopefully very easy question to answer. I am trying to migrate data of of a samba server that is using winbind joined to a windows domain to another box. What samba or winbind files do I need so that this will resolve to names rather than UID and GID. For example........ drwxr-x--- 1049 10926 10005 36864 May 15 11:46 Student
Thanks
-- Migrate what data exactly? Is winbindd/samba your domain controller or is it on a Active Directory Server?
Caveat is you don't need winbindd. If you using winbind with AD then save your *.tdb files. Depends on your situation totally. Kerberos cache come to mind also. You smb.conf also. Just to migrate user data none of the above is needed. This answer you ? ?. As far as I know UID and GID is the only way to inter operate with AD...
JohnStanley
On Thu, May 21, 2009 2:43 pm, JohnS wrote:
On Thu, 2009-05-21 at 14:16 -0400, Bo Lynch wrote:
Hopefully very easy question to answer. I am trying to migrate data of of a samba server that is using winbind joined to a windows domain to another box. What samba or winbind files do I need so that this will resolve to names rather than UID and GID. For example........ drwxr-x--- 1049 10926 10005 36864 May 15 11:46 Student
Thanks
-- Migrate what data exactly? Is winbindd/samba your domain controller or is it on a Active Directory Server?
Caveat is you don't need winbindd. If you using winbind with AD then save your *.tdb files. Depends on your situation totally. Kerberos cache come to mind also. You smb.conf also. Just to migrate user data none of the above is needed. This answer you ? ?. As far as I know UID and GID is the only way to inter operate with AD...
JohnStanley
The situation I'm in is that this box is joining to a win2000 PDC using samba+winbind for setting permissions on files and dir with domain users/groups. When I do a ls -l I just see the uid or gid instead of the domainame+_user domainname+group which is causing samba not to know who owns the file.
Bo Lynch wrote:
On Thu, May 21, 2009 2:43 pm, JohnS wrote:
On Thu, 2009-05-21 at 14:16 -0400, Bo Lynch wrote:
Hopefully very easy question to answer. I am trying to migrate data of of a samba server that is using winbind joined to a windows domain to another box. What samba or winbind files do I need so that this will resolve to names rather than UID and GID. For example........ drwxr-x--- 1049 10926 10005 36864 May 15 11:46 Student
Thanks
-- Migrate what data exactly? Is winbindd/samba your domain controller or is it on a Active Directory Server?
Caveat is you don't need winbindd. If you using winbind with AD then save your *.tdb files. Depends on your situation totally. Kerberos cache come to mind also. You smb.conf also. Just to migrate user data none of the above is needed. This answer you ? ?. As far as I know UID and GID is the only way to inter operate with AD...
JohnStanley
The situation I'm in is that this box is joining to a win2000 PDC using samba+winbind for setting permissions on files and dir with domain users/groups. When I do a ls -l I just see the uid or gid instead of the domainame+_user domainname+group which is causing samba not to know who owns the file.
Is winbind added to the appropriate fields in nsswitch.conf?
On Thu, May 21, 2009 3:33 pm, Toby Bluhm wrote:
Bo Lynch wrote:
On Thu, May 21, 2009 2:43 pm, JohnS wrote:
On Thu, 2009-05-21 at 14:16 -0400, Bo Lynch wrote:
Hopefully very easy question to answer. I am trying to migrate data of of a samba server that is using winbind joined to a windows domain to another box. What samba or winbind files do I need so that this will resolve to names rather than UID and GID. For example........ drwxr-x--- 1049 10926 10005 36864 May 15 11:46 Student
Thanks
-- Migrate what data exactly? Is winbindd/samba your domain controller or is it on a Active Directory Server?
Caveat is you don't need winbindd. If you using winbind with AD then save your *.tdb files. Depends on your situation totally. Kerberos cache come to mind also. You smb.conf also. Just to migrate user data none of the above is needed. This answer you ? ?. As far as I know UID and GID is the only way to inter operate with AD...
JohnStanley
The situation I'm in is that this box is joining to a win2000 PDC using samba+winbind for setting permissions on files and dir with domain users/groups. When I do a ls -l I just see the uid or gid instead of the domainame+_user domainname+group which is causing samba not to know who owns the file.
Is winbind added to the appropriate fields in nsswitch.conf?
--
Yes
The situation I'm in is that this box is joining to a win2000 PDC using samba+winbind for setting permissions on files and dir with domain users/groups. When I do a ls -l I just see the uid or gid instead of the domainame+_user domainname+group which is causing samba not to know who owns the file.
Is winbind added to the appropriate fields in nsswitch.conf?
--
Yes
Is wbind running? Does any of the wbinfo commands give what you expect?
On Thu, 2009-05-21 at 15:39 -0400, Toby Bluhm wrote:
The situation I'm in is that this box is joining to a win2000 PDC using samba+winbind for setting permissions on files and dir with domain users/groups. When I do a ls -l I just see the uid or gid instead of the domainame+_user domainname+group which is causing samba not to know who owns the file.
Is winbind added to the appropriate fields in nsswitch.conf?
--
Yes
Is wbind running? Does any of the wbinfo commands give what you expect?
Hey what is winbindd need for? I don't need it! ---------------------------------------- [global] workgroup = yourstruly.local password server = yourstruly.local realm = YOURSTRULY.LOCAL security = ads idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = false winbind offline logon = false ----------------------------------------
On Thu, 2009-05-21 at 14:48 -0400, Bo Lynch wrote:
On Thu, May 21, 2009 2:43 pm, JohnS wrote:
On Thu, 2009-05-21 at 14:16 -0400, Bo Lynch wrote:
Hopefully very easy question to answer. I am trying to migrate data of of a samba server that is using winbind joined to a windows domain to another box. What samba or winbind files do I need so that this will resolve to names rather than UID and GID. For example........ drwxr-x--- 1049 10926 10005 36864 May 15 11:46 Student
Thanks
-- Migrate what data exactly? Is winbindd/samba your domain controller or is it on a Active Directory Server?
Caveat is you don't need winbindd. If you using winbind with AD then save your *.tdb files. Depends on your situation totally. Kerberos cache come to mind also. You smb.conf also. Just to migrate user data none of the above is needed. This answer you ? ?. As far as I know UID and GID is the only way to inter operate with AD...
JohnStanley
The situation I'm in is that this box is joining to a win2000 PDC using samba+winbind for setting permissions on files and dir with domain users/groups. When I do a ls -l I just see the uid or gid instead of the domainame+_user domainname+group which is causing samba not to know who owns the file.
--- To be truthfull it sounds like the Machine SID has been changed or a domain added and deleted on the AD server. Can you from the AD server in AD Users and Groups confirm the same thing from a mapped share by looking at the user listed in it? Of cousre this required the Samba host to have the drive mounted with the acl option.
JohnStanley
On Thu, 2009-05-21 at 14:16 -0400, Bo Lynch wrote:
What samba or winbind files do I need so that this will resolve to names rather than UID and GID. For example........ drwxr-x--- 1049 10926 10005 36864 May 15 11:46 Student
--- Ok lets take away AD. To use regular name authentication. Add your users to the system and put them in a group. Then use smbpassd username. That way users are authenticated by USER_NAME. You will have to change the authentication mode to security = user in smb.conf.
JohnStanley
Bo Lynch wrote:
Hopefully very easy question to answer. I am trying to migrate data of of a samba server that is using winbind joined to a windows domain to another box. What samba or winbind files do I need so that this will resolve to names rather than UID and GID. For example........ drwxr-x--- 1049 10926 10005 36864 May 15 11:46 Student
If you mean that you migrate data from one samba server to another *non* samba machine it depends how your newly machine is/will be configured. Is the samba domain ADS based ? have you used the idmap_rid feature ? (a *must* when having multiple linux/unix machines using winbind in a AD domain to have a consistent id/sid mapping accross all the samba machines instead of the 'first come, first serve' id from from idmap pool) . If not, don't forget that even if you configure winbind/samba the same way it was on the old machine, the uid/gid map will never be the same (except when using idmap_rid directly) So my advice is just to backup the permissions on the old machine (with getfacl) , rsync the data, join the new machine to the domain, and restores permissions back (with setfacl --restore)
On Fri, 2009-05-22 at 20:37 +0200, Fabian Arrotin wrote:
Bo Lynch wrote:
Hopefully very easy question to answer. I am trying to migrate data of of a samba server that is using winbind joined to a windows domain to another box. What samba or winbind files do I need so that this will resolve to names rather than UID and GID. For example........ drwxr-x--- 1049 10926 10005 36864 May 15 11:46 Student
If you mean that you migrate data from one samba server to another *non* samba machine it depends how your newly machine is/will be configured. Is the samba domain ADS based ? have you used the idmap_rid feature ? (a *must* when having multiple linux/unix machines using winbind in a AD domain to have a consistent id/sid mapping accross all the samba machines instead of the 'first come, first serve' id from from idmap pool) . If not, don't forget that even if you configure winbind/samba the same way it was on the old machine, the uid/gid map will never be the same (except when using idmap_rid directly) So my advice is just to backup the permissions on the old machine (with getfacl) , rsync the data, join the new machine to the domain, and restores permissions back (with setfacl --restore)
--- What about the Old Samba SID Number? He will need that also. There is a whole section of a couple pages explaining on how to do this in "Samba 3 Howto.pdf" from samba.org. He is much better off reading it himself than anyone trying to explain it to him. He also needs to take into consideration of my previous post to him if that is the case also.
JohnStanley
-
Bo Lynch -
Fabian Arrotin -
JohnS -
Toby Bluhm