Don't have rights after copying serv to other serv
Hello everyone, I need some help with the transfer of our old Linux server (Red Hat 9) to a new one (with much better hardware and Fedora Core 7). We’ve encountered a problem with some rights the users have lost.
We have around 30 employees working on Windows 2000. Every employee connects with Windows to his profile through the Linux server via Samba. The Linux server is also the domain controller. On the Linux server we have all the data of every employee as well as the data on their desktops. When they connect to the server they download their desktop and their personal files in My Documents. What we want to do is transfer all the data, the user accounts, the Samba configuration, etc., so that we have the same server as before but on a new machine with better hardware and FC7. We need to transfer the data overnight; we cannot allow downtime during any day of the week.
What we did:
1 - Copy the files: hosts, host.conf, resolv.conf, named.conf, network, passwd, shadow, group, gshadow, hostname, dhcpd.conf and the entire directory /etc/samba from the old server to the new one.
2 - Copy all the files from the old to the new server with: scp -pr root@192.168.0.1:/home /home (this is where "My Documents" of every user is stored)
3 - scp -pr root@192.168.0.1:/association/samba_profiles /association/samba_profiles (for the desktops of every user)
4 - Create a shell script to change the owner and group of all the files we transferred so that the personal directories and files are owned by the right users and groups (every user should be the owner of their own directory in both the partitions). Example: chown -R john1:john1 /home/john1 (same thing for /association/samba_profiles/john1)
The files have been copied correctly, and the directories and files now have the fitting rights and ownerships. So now we have the exact same image on the new server as we had on the old one, except for the OS, but we made some changes so that the config files from the RD9 would work on the FC7 (anyway the problem doesn’t come from the incompatibility of the config files between 2 different OSes because we tried from RD9 to RD9 and we still have the same problem).
PROBLEM
The problem we get is that all the users have lost their administrative rights on their own profiles, so now they cannot change the keyboard config, nor can they change the desktop image, but more importantly they cannot open their Outlook accounts because they don’t have the rights. So it seems they don’t have the rights on their own directories even though when we type “ll” we see the users as owners, and the rights are 755 for everyone. Keep in mind we cannot put them in the admin group for the domain, it wouldn’t be right. The “tail -f /var/log/messages” on the server shows “couldn’t find service logon” when we try to connect to it with a distant Windows user. It was working fine with this smb.conf file before.
Someone suggested to tarball the data instead of using SCP (which changes the ownerships of all the files to root, because we use root to transfer). A tarball would keep the owners and rights on the files (with the option -p), so we wouldn’t have to switch them back. But why would changing back the owners after transferring create a problem (since everything is back to normal afterwards)? And we barely have enough space on the disk to save a .doc, even less to store a “.tar” from 22 GB of data (part of the reason we want to switch servers).
Can someone please help us? Any idea on a solution would be appreciated.
Thank you very much.
Here is our /etc/samba/smb.conf:

[global]
log file = /var/log/samba/smb.log
smb passwd file = /etc/samba/smbpasswd
load printers = no
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
encrypt passwords = yes
passwd program = /usr/bin/passwd %u
logon home = \\serv-doc\%U
logon drive = p:
wins support = yes
dns proxy = no
server string = B01-02 - Serveur de documment ASSOCIATION
unix password sync = Yes
local master = yes
workgroup = association
logon path = \\serv-doc\Profiles\%U
security = user
preferred master = yes
max log size = 0
pam password change = yes
domain logons = yes

[homes]
browseable = no
comment = Dossier personnel de %u
valid users = %S
writable = yes
create mode = 0664
hide files = /outlook/~$*/*.tmp/
directory mode = 0775

[Profiles]
path = /association/samba_profiles
browseable = no
writable = yes
guest ok = yes

[transferts]
comment = NON SAUVGARDE - Dossier de transfert temporaire vide le 1er chaque mois
path = /association/transfers
force group = employees
valid users = +employees
create mask = 0775
directory mask = 775
public = no
writable = yes
printable = no
hide files=/~$*/*.tmp/

[sauvegardes]
printable = no
write list = @admin
path = /backup
hide files = /~$*/*.tmp/
force group = +admin
create mask = 0770
comment = Dossier de sauvegarde
directory mask = 775

[documents communs]
writable = no
printable = no
path = /association/documents_communs
write list = +direction +admin
force group = +direction
hide files = /~$*/*.tmp/
create mask = 0775
directory mask = 775
comment = Dossier des documents communs aux employees de association
valid users = +employees
mangled map = docs com
public = no

[compta]
comment = Dossier de la comptabilite
path = /association/departements/compta/
force group = compta
valid users = +compta +controle
read list = +controle
write list = +compta beo
create mask = 0775
directory mask = 775
public = no
writable = yes
printable = no
hide files=/~$*/*.tmp/

[controle]
comment = Dossier du controle
path = /association/departements/controle
force group = controle
valid users = +controle
create mask = 0775
directory mask = 775
public = no
writable = yes
printable = no
hide files=/~$*/*.tmp/

[direction]
comment = Dossier de la direction
path = /association/departements/direction
force group = direction
valid users = +direction
; read list = +controle
create mask = 0775
directory mask = 775
public = no
writable = yes
printable = no
hide files=/Outlook/~$*/*.tmp/
|
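The streamed-tar idea raised in the post above, as an added example that is not part of the original thread: piping tar straight into tar writes no intermediate archive to disk, and a per-path manifest of mode, uid and gid confirms whether the copy kept its metadata. The function names are hypothetical, `stat -c` assumes GNU coreutils, and between hosts the sending side would run under ssh as shown in the comment.

```shell
#!/bin/sh
# Added example: copy a tree with tar streamed through a pipe (no .tar file
# is ever written) and verify that modes and owners survived the copy.
# Function names are hypothetical; `stat -c` assumes GNU coreutils.

# copy_tree SRC DST: stream SRC into DST, preserving permissions (-p).
# When run as root, tar also restores the owner and group of each file.
# Between hosts the sending side would run remotely, for example:
#   ssh root@192.168.0.1 'tar -C /home -cpf - .' | tar -C /home -xpf -
copy_tree() {
    mkdir -p "$2" && tar -C "$1" -cpf - . | tar -C "$2" -xpf -
}

# manifest DIR: one "mode uid gid path" line per entry below DIR, sorted.
manifest() {
    ( cd "$1" && find . ! -name . -exec stat -c '%a %u %g %n' {} + | LC_ALL=C sort )
}

# same_metadata A B: succeed only if both trees have identical manifests.
same_metadata() {
    a=$(manifest "$1") && b=$(manifest "$2") && [ "$a" = "$b" ]
}
```

To compare two servers, write the output of `manifest` to a file on each side and `diff` the two files; any line that differs is a path whose mode or numeric owner changed in transit.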
Ummm.. What's the SELinux setting? If not disabled, try that.
|
Thanks |
Nope - SELinux (Security Enhanced Linux) is enabled by default when you install FC7 unless you changed it. It is responsible for a lot of seeming failures.
Check /etc/selinux/config and if "enforcing" or "permissive", set it to "disabled" and test your server (I would suggest a reboot to ensure SELinux is disabled). If this fixes the problem, some reading on SELinux is in order. |
Ok, checked it out and we've disabled everything security related including SELinux and the firewall.
But I found a nice Howto which could help me out a bit: http://www.cyberciti.biz/faq/howto-m...to-new-server/ I'm going to try it out and keep the post updated. Thanks mickza for the fast response |