ONTAP Hardware
We have a new FAS2020 and need to migrate all the data from a FAS250 onto it. There are hundreds of local groups on this FAS250 (because originally an old Windows server was migrated to the FAS250 using SecureCopy, which copies all the local groups and shares over as well as the files).
If I SnapMirror to the FAS2020 of course the local groups won't transfer. How can I copy the local groups to the new FAS and keep all my permissions intact? If I were to use SecureCopy (or other product) would the new RIDs on the new FAS2020 be different to those on the FAS250? I don't really understand the role the RIDs play in all this?
Any advice gratefully received
I'm not sure I understand how you would have so many local groups?
There's a distinct difference between local groups/users and domain users/groups.
Local groups for CIFS are defined in the /etc/lclgroups.cfg file.
They can contain domain and local users.
Domain groups are defined in AD.
In most cases Robo or other tools will sync your ACLs for you.
I hope this response has been helpful to you.
At your service,
Eugene E. Kashpureff
ekashp@kashpureff.org
Fastlane NetApp Instructor and Independent Consultant
http://www.fastlaneus.com/ http://www.linkedin.com/in/eugenekashpureff
(P.S. I appreciate points for helpful or correct answers.)
No, I don't understand why there are so many local groups either! About 700
Can I copy the /etc/lclgroups.cfg between filers?
Most likely not.
A Windows SID is built from (at least) two parts – the computer/domain SID and the RID (Relative ID) that, to put it simply, is just consecutive numbering of objects, e.g. users or groups.
Lclgroups.cfg contains just the RID for each group; but your file ACLs store full SIDs that include the filer SID.
The new filer will most likely get a new SID when you run cifs setup, which means those new groups won’t match the ACEs. It is the same as deleting and creating a user with the same name – it is still a different user from the Windows point of view.
This is bad news. So does this mean that I would have to use a tool (like SecureCopy) to migrate from filer to filer in order to preserve the association between the local groups and the ACLs?
How would you do it in case of “normal” Windows servers?
Good point
Updating after a few years as I needed to do this again and found my own question.
Yes, you can copy local groups. You need to copy /etc/filersid.cfg and /etc/lclgroups.cfg to your new filer.
cp /etc/lclgroups.cfg /etc/lclgroups.tmp
On NetApp:
useradmin domainuser load /etc/lclgroups.tmp
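
Added example, not part of any post in this thread: a small Python model of why the ACEs stay valid only when the filer SID travels with the group table, as the replies above describe (ACLs store full SIDs, the group file stores only RIDs). The SIDs, group names and the dict layout are constructed for illustration and do not reflect the real on-disk format of /etc/lclgroups.cfg or /etc/filersid.cfg.

```python
# Constructed sample values: these SIDs and group names are not real filer data.
OLD_FILER_SID = "S-1-5-21-1000000001-1000000002-1000000003"
NEW_FILER_SID = "S-1-5-21-2000000001-2000000002-2000000003"
COPIED_GROUPS = {1001: "Finance-RW", 1002: "HR-RO"}   # RID -> local group name
FILE_ACL = [
    OLD_FILER_SID + "-1001",   # local group on the old filer
    OLD_FILER_SID + "-1002",   # local group on the old filer
    "S-1-5-32-544",            # BUILTIN\Administrators, same SID on every machine
]


def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (issuer SID, RID)."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def surviving_aces(acl_sids, old_filer_sid, new_filer_sid, copied_groups):
    """For each ACE that referenced an old-filer local group, return the group
    name the new filer resolves it to, or None if the ACE is now orphaned."""
    result = {}
    for sid in acl_sids:
        issuer, rid = split_sid(sid)
        if issuer != old_filer_sid:
            continue  # BUILTIN or domain SID: unaffected by the filer SID
        # The new filer only owns SIDs that start with its own machine SID.
        # A copied RID table is useless if the issuer part no longer matches.
        result[sid] = copied_groups.get(rid) if issuer == new_filer_sid else None
    return result


if __name__ == "__main__":
    # Group table copied, but the new filer generated its own SID.
    print(surviving_aces(FILE_ACL, OLD_FILER_SID, NEW_FILER_SID, COPIED_GROUPS))
    # Group table and filer SID both carried over.
    print(surviving_aces(FILE_ACL, OLD_FILER_SID, OLD_FILER_SID, COPIED_GROUPS))
```
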