LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

01-11-2008, 09:20 AM   #1
zola1
LQ Newbie

Registered: Feb 2007
Posts: 3

Rep: Reputation: 0
Don't have rights after copying serv to other serv


Hello everyone, I need some help with the transfer of our old Linux server (Red Hat 9) to a new one (with much better hardware and Fedora Core 7). We've encountered a problem with some rights the users have lost.

We have around 30 employees working on Windows 2000. Every employee connects with Windows to his profile through the Linux server via Samba. The Linux server is also the domain controller. On the Linux server we have all the data of every employee as well as the data on their desktops. When they connect to the server they download their desktop and their personal files in My Documents. What we want to do is transfer all the data, the user accounts, the Samba configuration, etc., so that we have the same server as before but on a new machine with better hardware and FC7. We need to transfer the data overnight; we cannot allow downtime during any day of the week.

What we did :
1 – Copy the files: hosts, host.conf, resolv.conf, named.conf, network, passwd, shadow, group, gshadow, hostname, dhcpd.conf and the entire directory /etc/samba from the old server to the new one.

2 – Copy all the files from the old to the new server with:
scp -pr root@192.168.0.1:/home /home (This is where « My Documents » of every user is stored)

3 – scp -pr root@192.168.0.1:/association/samba_profiles /association/samba_profiles (for the desktops of every user)

4 – Create a shell script to change the owner and group of all the files we transferred, so that the personal directories and files are owned by the right users and groups (every user should be the owner of their own directory in both partitions).
Example: chown -R john1:john1 /home/john1 (same thing for /association/samba_profiles/john1)

The files have been copied correctly, and the directories and files now have the fitting rights and ownerships. So now we have the exact same image on the new server as we had on the old one, except for the OS, but we made some changes so that the config files from the RD9 would work on the FC7 (anyway, the problem doesn't come from the incompatibility of the config files between 2 different OS, because we tried from RD9 to RD9 and we still have the same problem).

PROBLEM
The problem we get is that all the users have lost their administrative rights on their own profiles, so now they cannot change the keyboard config, nor can they change the desktop image, but more importantly they cannot open their Outlook accounts because they don't have the rights. So it seems they don't have the rights on their own directories even though when we type "ll" we see the users as owners, and the rights are 755 for everyone. Keep in mind we cannot put them in the admin group for the domain, it wouldn't be right.

The "tail -f /var/log/messages" on the server shows "couldn't find service logon" when we try to connect to it with a distant Windows user. It was working fine with this smb.conf file before.

Someone suggested to tarball the data instead of using SCP (which changes the ownership of all the files to root, because we use root to transfer); tarball would keep the owners and rights on the files (with the option -p), so we wouldn't have to switch them back. But why would changing back the owners after transferring create a problem (since everything is back to normal afterwards)? And we barely have enough space on the disk to save a .doc, even less store a ".tar" from 22 GB of data (part of the reason we want to switch servers).

Can someone please help us? Any idea on a solution would be appreciated.

Thank you very much

Here is our /etc/samba/smb.conf :

[global]
log file = /var/log/samba/smb.log
smb passwd file = /etc/samba/smbpasswd
load printers = no
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = yes
encrypt passwords = yes
passwd program = /usr/bin/passwd %u
logon home = \\serv-doc\%U
logon drive = p:
wins support = yes
dns proxy = no
server string = B01-02 - Serveur de documment ASSOCIATION
unix password sync = Yes
local master = yes
workgroup = association
logon path = \\serv-doc\Profiles\%U
security = user
preferred master = yes
max log size = 0
pam password change = yes
domain logons = yes

[homes]
browseable = no
comment = Dossier personnel de %u
valid users = %S
writable = yes
create mode = 0664
hide files = /outlook/~$*/*.tmp/
directory mode = 0775

[Profiles]
path = /association/samba_profiles
browseable = no
writable = yes
guest ok = yes

[transferts]
comment = NON SAUVGARDE - Dossier de transfert temporaire vide le 1er chaque mois
path = /association/transfers
force group = employees
valid users = +employees
create mask = 0775
directory mask = 775
public = no
writable = yes
printable = no
hide files=/~$*/*.tmp/

[sauvegardes]
printable = no
write list = @admin
path = /backup
hide files = /~$*/*.tmp/
force group = +admin
create mask = 0770
comment = Dossier de sauvegarde
directory mask = 775

[documents communs]
writable = no
printable = no
path = /association/documents_communs
write list = +direction +admin
force group = +direction
hide files = /~$*/*.tmp/
create mask = 0775
directory mask = 775
comment = Dossier des documents communs aux employees de association
valid users = +employees
mangled map = docs com
public = no

[compta]
comment = Dossier de la comptabilite
path = /association/departements/compta/
force group = compta
valid users = +compta +controle
read list = +controle
write list = +compta beo
create mask = 0775
directory mask = 775
public = no
writable = yes
printable = no
hide files=/~$*/*.tmp/

[controle]
comment = Dossier du controle
path = /association/departements/controle
force group = controle
valid users = +controle
create mask = 0775
directory mask = 775
public = no
writable = yes
printable = no
hide files=/~$*/*.tmp/

[direction]
comment = Dossier de la direction
path = /association/departements/direction
force group = direction
valid users = +direction
; read list = +controle
create mask = 0775
directory mask = 775
public = no
writable = yes
printable = no
hide files=/Outlook/~$*/*.tmp/
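
Added example, not part of the original post: "ll" on /home shows only the owner of each top-level directory, so this POSIX shell function walks every per-user tree from step 4 and lists anything still owned by another account (such as root after the scp run) or not writable by its owner. It assumes each directory directly under the base is named after the account that should own it; audit_tree and the NOUSER/OWNER/NOWRITE labels are names chosen for this example.

```sh
#!/bin/sh
# Added example: audit per-user trees after a copy made as root.
# Assumption: /home/john1 and /association/samba_profiles/john1 must be
# owned, all the way down, by the account "john1".

# audit_tree BASE
# Prints one finding per line (nothing when the tree is clean):
#   NOUSER  <dir>   directory name is not a known account on this host
#   OWNER   <path>  path inside a user's tree is owned by someone else
#   NOWRITE <path>  path is owned by the user but lacks the owner write bit
# Paths containing newlines are not handled.
audit_tree() {
    base=$1
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        dir=${dir%/}
        user=${dir##*/}
        # passwd was copied by hand, so confirm the account really resolves.
        if ! id -u "$user" >/dev/null 2>&1; then
            printf 'NOUSER %s\n' "$dir"
            continue
        fi
        # Leftovers from the root-run copy that chown -R did not reach.
        find "$dir" ! -user "$user" -print | sed 's/^/OWNER /'
        # Files such as NTUSER.DAT must be writable by their owner.
        find "$dir" -user "$user" ! -perm -200 -print | sed 's/^/NOWRITE /'
    done
}

# Stand-alone use: sh audit.sh /home /association/samba_profiles
if [ "$#" -gt 0 ]; then
    for b in "$@"; do
        audit_tree "$b"
    done
fi
```

An empty result for both base directories means ownership and owner write access match what step 4 intended; it does not cover group permissions or share-level settings in smb.conf.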
 
01-11-2008, 09:30 AM   #2
mickza
Member
 
Registered: Mar 2005
Location: South Africa
Distribution: Centos, Fedora, Ubuntu desktop, IPCop
Posts: 168

Rep: Reputation: 33
Ummm.. What's the SELinux setting? If not disabled try that.
 
01-11-2008, 12:13 PM   #3
zola1
LQ Newbie
 
Registered: Feb 2007
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by mickza
Ummm.. What's the SELinux setting. If not disabled try that.
I don't see what you're talking about. SELinux setting? You mean in the smb.conf?

Thanks
 
01-12-2008, 01:04 AM   #4
mickza
Member
 
Registered: Mar 2005
Location: South Africa
Distribution: Centos, Fedora, Ubuntu desktop, IPCop
Posts: 168

Rep: Reputation: 33
Nope - SELinux (Security Enhanced Linux) is enabled by default when you install FC7 unless you changed it. It is responsible for a lot of seeming failures.

Check /etc/selinux/config and if "enforcing" or "permissive" set it to "disabled" and test your server (I would suggest a reboot to ensure SELinux is disabled). If this fixes the problem some reading on SELinux is in order.
 
01-12-2008, 04:08 AM   #5
zola1
LQ Newbie
 
Registered: Feb 2007
Posts: 3

Original Poster
Rep: Reputation: 0
Ok, checked it out and we've disabled everything security related including SELinux and the firewall.

But I found a nice Howto which could help me out a bit:

http://www.cyberciti.biz/faq/howto-m...to-new-server/

I'm going to try it out and keep the post updated.

Thanks mickza for the fast response
 
  

