Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




Samba HowTo Guide
Prev Home Next

Share, Directory, and File Migration

Shares and files can be migrated in the same manner as user, machine, and group accounts. It is possible to preserve access control settings (ACLs) as well as security settings throughout the migration process. The net rpc vampire facility is used to migrate accounts from a Windows NT4 (or later) domain to a Samba server. This process preserves passwords and account security settings and is a precursor to the migration of shares and files.

The net rpc share command may be used to migrate shares, directories, files, and all relevant data from a Windows server to a Samba server.

A set of command-line switches permit the creation of almost direct clones of Windows file servers. For example, when migrating a fileserver, file ACLs and DOS file attributes from the Windows server can be included in the migration process and will reappear, almost identically, on the Samba server when the migration has been completed.

The migration process can be completed only with the Samba server already being fully operational. The user and group accounts must be migrated before attempting to migrate data share, files, and printers. The migration of files and printer configurations involves the use of both SMB and MS DCE RPC services. The benefit of the manner in which the migration process has been implemented is that the possibility now exists to use a Samba server as a man-in-middle migration service that affects a transfer of data from one server to another. For example, if the Samba server is called MESSER, the source Windows NT4 server is called PEPPY, and the target Samba server is called GONZALES, the machine MESSER can be used to effect the migration of all data (files and shares) from PEPPY to GONZALES. If the target machine is not specified, the local server is assumed by default - as net's general rule of thumb .

The success of server migration requires a firm understanding of the structure of the source server (or domain) as well as the processes on which the migration is critically dependant.

There are two known limitations to the migration process:

  1. The net command requires that the user credentials provided exist on both the migration source and the migration target.

  2. Printer settings may not be fully or may be incorrectly migrated. This might in particular happen when migrating a Windows 2003 print server to Samba.

Share Migration

The net rpc share migrate command operation permits the migration of plain share stanzas. A stanza contains the parameters within which a file or print share are defined. The use of this migration method will create share stanzas that have as parameters the file system directory path, an optional description, and simple security settings that permit write access to files. One of the first steps necessary following migration is to review the share stanzas to ensure that the settings are suitable for use.

The shares are created on the fly as part of the migration process. The smbd application does this by calling on the operating system to execute the script specified by the smb.conf parameter add share command .

There is a suitable example script for the add share command in the $SAMBA_SOURCES/examples/scripts directory. It should be noted that the account that is used to drive the migration must, of necessity, have appropriate file system access privileges and have the right to create shares and to set ACLs on them. Such rights are conferred by these rights: SeAddUsersPrivilege and SeDiskOperatorPrivilege . For more information regarding rights and privileges please refer to ???.

The syntax of the share migration command is shown here:

net rpc share MIGRATE SHARES <share-name> -S <source>
        [--destination=localhost] [--exclude=share1,share2] [-v]

When the parameter <share-name> is omitted, all shares will be migrated. The potentially large list of available shares on the system that is being migrated can be limited using the --exclude switch. For example:

root#  net rpc share migrate shares myshare\
         -S win2k -U administrator%secret"

This will migrate the share myshare from the server win2k to the Samba Server using the permissions that are tied to the account administrator with the password secret. The account that is used must be the same on both the migration source server and the target Samba server. The use of the net rpc vampire , prior to attempting the migration of shares, will ensure that accounts will be identical on both systems. One precaution worth taking before commencement of migration of shares is to validate that the migrated accounts (on the Samba server) have the needed rights and privileges. This can be done as shown here:

root#  net rpc right list accounts -Uroot%not24get

The steps taken so far perform only the migration of shares. Directories and directory contents are not migrated by the steps covered up to this point.

File and Directory Migration

Everything covered to this point has been done in preparation for the migration of file and directory data. For many people preparation is potentially boring and the real excitement only begins when file data can be used. The next steps demonstrate the techniques that can be used to transfer (migrate) data files using the net command.

Transfer of files from one server to another has always been a challenge for MS Windows administrators because Windows NT and 200X servers do not always include the tools needed. The xcopy from Windows NT is not capable of preserving file and directory ACLs, it does so only with Windows 200x. Microsoft does provide a utility that can copy ACLs (security settings) called scopy , but it is provided only as part of the Windows NT or 200X Server Resource Kit.

There are several tools, both commercial and freeware, that can be used from a Windows server to copy files and directories with full preservation of security settings. One of the best known of the free tools is called robocopy .

The net utility can be used to copy files and directories with full preservation of ACLs as well as DOS file attributes. Note that including ACLs makes sense only where the destination system will operate within the same security context as the source system. This applies both to a DMS and to domain controllers that result from a vampired domain. Before file and directory migration, all shares must already exist.

The syntax for the migration commands is shown here:

net rpc share MIGRATE FILES <share-name> -S <source>
    [--destination=localhost] [--exclude=share1,share2]
    [--acls] [--attrs] [--timestamps] [-v]

If the <share-name> parameter is omitted, all shares will be migrated. The potentially large list of shares on the source system can be restricted using the --exclude command switch.

Where it is necessary to preserve all file ACLs, the --acls switch should be added to the above command line. Original file timestamps can be preserved by specifying the --timestamps switch, and the DOS file attributes (i.e., hidden, archive, etc.) can be preserved by specifying the --attrs switch.

Samba HowTo Guide
Prev Home Next

  Published under the terms fo the GNU General Public License Design by Interspire