
Re: [Samba] Moving roaming profiles between domains, risky?




Hai, 

Sorry for the late reply, but yes, this is a risky move.
Did you make sure the domain SIDs are exactly the same between the old and new servers?

This:
rsync -av --progress --xattrs --rsh=ssh
does not copy the (Windows) ACLs.

Look at https://wiki.samba.org/index.php/Bidirectional_Rsync/Unison_based_SysVol_replication_workaround
It is a howto for doing this with rsync and unison; the combination catches the ACLs as well.


I suggest the following, or do the copy from a Windows client.

Create a new user on the new server and log in/log out with a PC.

Check the user profile rights with getfacl.
Check the user homedir rights with getfacl.

And set the correct rights back after the copy.
It's a bit the same as my "check-get-sysvol" script.

https://github.com/thctlo/samba4/blob/master/samba-check-set-sysvol.sh
If you have a look, see the function Create_DC_SYVOL_ACL_FILE,
with the layout you want; you need to adapt that to your users' profile and home folders.


I hope it explains enough. 

Greetz, 

Louis




> -----Original message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of Marco Gaiarin via samba
> Sent: Monday 14 May 2018 14:58
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] Moving roaming profiles between domains, risky?
> 
> 
> > But I've tried to move/copy the old profile to the new domain, and it seems
> > to work, with no glitch. I've done simply:
> > 	root@vdmsv1:/srv/samba/profiles# rsync -av --progress --xattrs --rsh=ssh <oldntserver>:/srv/samba/profiles/gaio.V2 .
> > 	chown -R :"domain users" gaio.V2
> > 	<run a script that fixes group permissions, prevents setting the ACL mask incorrectly>
> [...]
> > Can I be confident that something strange does not break all things
> > sooner or later?
> 
> I reply to myself. It does not work.
> 
> Probably it worked for me because I'm in the 'domain admins' group, eg I'm an
> administrator.
> 
> I've tried as a normal user, and logon failed mysteriously (error
> starting windows profile services, something like that) and with only
> some generic winlogon errors in the Windows events.
> 
> Probably I have to synthesize the ACL in 'user.SAMBA_PAI' correctly to
> have it work, but... it takes less time to move 'Desktop' and some
> 'Appdata/Roaming/...' folders.
> 
> 
> Thanks.
> 
> -- 
> dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
>   Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
>   Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
>   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797
> 
> 		Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
>       http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> 	(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
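
The getfacl check suggested in the reply above, as an added example that is not part of the original thread: it compares the POSIX ACL of a freshly created profile with that of a migrated one, after replacing each owner's ID with a common token. The function names, paths and numeric IDs are hypothetical, and the two dumps are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Dumps are produced per directory with:
#   getfacl --numeric --no-effective --absolute-names DIR > DUMP
# Paths, numeric IDs and function names are constructed placeholders.

# normalize_acl DUMP OWNER_ID: drop the path line and replace the owner's
# ID with the token OWNER so dumps of two different users are comparable.
normalize_acl() {
    awk -v id="$2" '
        /^# file:/ || /^$/ { next }
        $0 == ("# owner: " id) { print "# owner: OWNER"; next }
        {
            n = split($0, f, ":")
            if (n >= 3 && f[n-2] == "user" && f[n-1] == id) {
                f[n-1] = "OWNER"; line = f[1]
                for (i = 2; i <= n; i++) line = line ":" f[i]
                $0 = line
            }
            print
        }' "$1" | LC_ALL=C sort
}

# acl_drift REF_DUMP REF_ID NEW_DUMP NEW_ID
# "- x": entry the reference has but the migrated profile lacks
# "+ x": entry only the migrated profile has
acl_drift() {
    t=$(mktemp -d) || return 2
    normalize_acl "$1" "$2" > "$t/ref"
    normalize_acl "$3" "$4" > "$t/new"
    LC_ALL=C comm -23 "$t/ref" "$t/new" | sed 's/^/- /'
    LC_ALL=C comm -13 "$t/ref" "$t/new" | sed 's/^/+ /'
    rm -rf "$t"
}

# Constructed dumps: reference user 3000034, migrated user 3000021.
demo_drift() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '# file: /srv/samba/profiles/ref.V2' '# owner: 3000034' \
        '# group: 10513' 'user::rwx' 'user:3000034:rwx' 'group::---' \
        'mask::rwx' 'other::---' 'default:user:3000034:rwx' > "$d/ref"
    printf '%s\n' '# file: /srv/samba/profiles/gaio.V2' '# owner: 3000021' \
        '# group: 10513' 'user::rwx' 'user:1005:rwx' 'group::r-x' \
        'mask::rwx' 'other::---' 'default:user:1005:rwx' > "$d/new"
    acl_drift "$d/ref" 3000034 "$d/new" 3000021
    rm -rf "$d"
}

demo_drift
```

Empty output means the migrated directory carries the same entries as the reference; this only covers what getfacl prints, not NT ACLs that Samba keeps in extended attributes.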

