Re: [Samba] Moving roaming profiles between domains, risky?
- Date: Mon, 14 May 2018 15:48:26 +0200
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Moving roaming profiles between domains, risky?
Sorry for the late reply, but yes, this is a risky move.
Did you make sure this the DOMAIN SID's are exact the same between old and new servers?
rsync -av --progress --xattrs --rsh=ssh
Does not copy the (windows) acl's.
Look at https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_replication_workaround
Howto to this with rsync and unison, the combination catches the acl also.
I suggest the following, or do the copy from a windows client or the following.
Create a new user on the new server and login /logout with a pc.
Check the user profile rights with getfacl
Check the user homedir right with getfacl.
And set the correct rights back after the copy.
Its a bit the same as my "check-get-sysvol" script.
If you have a look, the function : Create_DC_SYVOL_ACL_FILE
With the layout you want, and you need to adapt that to your users profile and home folder.
I hope it explains enough.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
> Marco Gaiarin via samba
> Verzonden: maandag 14 mei 2018 14:58
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] Moving roaming profiles between domains, risky?
> > But i've tried to move/copy old profile to the new domain, and seems
> > work, with no glitch. I've done simply:
> > root@vdmsv1:/srv/samba/profiles# rsync -av --progress
> --xattrs --rsh=ssh <oldntserver>:/srv/samba/profiles/gaio.V2 .
> > chown -R :"domain users" gaio.V2
> > <run a script that fix group permission, prevent
> settings ACL mask incorrectly>
> > Can i be confident that something strage does not brake all things
> > sooner or later?
> I reply myself. Does not work.
> Probably worked for me because i'm in 'domain admins' group, eg i'm an
> I've tried as a normal user, and logon failed mysteriously (error
> starting windows profile services, something like that) and with only
> some generic winlogon errors in windows events.
> Probably i've to sythetize correctly the ACL in 'user.SAMBA_PAI' to
> have it work, but... it takes less time to move 'Desktop' and some
> 'Appdata/Roaming/...' folders.
> dott. Marco Gaiarin GNUPG
> Key ID: 240A3D66
> Associazione ``La Nostra Famiglia''
> Polo FVG - Via della Bontà, 7 - 33078 - San Vito al
> Tagliamento (PN)
> marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711
> f +39-0434-842797
> Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
> (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
To unsubscribe from this list go to the following URL and read the