15.2 Using the Migration Commands

This section covers data migration from the NTFS file system on Windows NT, 2000, or 2003 source machines to NSS or NCP volumes on OES 2 Linux servers.

15.2.1 Migration Commands to Use

The main command to use is migfiles. To map the users and groups from the source domain to the target eDirectory tree, you need to use ntfsmls, maptrustees, and migtrustees. To map the user and group permissions, you also need to use ntfsmls, ntfsmap, and migrights.

15.2.2 Migration Steps

  1. Run the migfiles command to copy the data from the source to the target server.

  2. Capture the ACL and rights information of the Windows share by running ntfsmls and redirecting the output to a file.

  3. Generate a list of users and groups who have rights to the files on the source share by running ntuserls.

  4. Run the following commands in the order specified to map the Windows users and groups in the generated list to eDirectory users and groups and to create the new users and groups in the target tree:

    maptrustees

    migtrustees

  5. Run the following commands in the order specified to map the Windows users’ rights to eDirectory/NSS or NCP trustee rights:

    ntfsmap

    migrights

15.2.3 Example

The following example shows how to migrate data from a Windows share to an NSS volume on an OES 2 Linux server.

  1. Migrate the files from a share named WinShare on a Windows source server with an IP address of 192.168.1.3 to a target NSS volume named NSSVOL:

    migfiles -n -w -s 192.168.1.3 -v WinShare -i -V NSSVOL

    If you are migrating to a target NCP volume named VOL1, omit the -n option:

    migfiles -w -s 192.168.1.3 -v WinShare -i -V VOL1

    The migfiles command mounts the Windows share by using a CIFS mount and copies the files using rsync.

  2. Capture the ACL and rights information of the Windows share to an output file:

    ntfsmls -s 192.168.1.3 -v WinShare > ntfsmls.yaml

  3. Generate a list of users and groups who are assigned as authorized users for the files (with their ACLs) on the source share:

    ntuserls -g -s 192.168.1.3 ntfsmls.yaml > ntuserls.yaml

    Be sure to include the -g option.

  4. Map the Windows users and groups in the generated list to eDirectory users and groups:

    maptrustees -s 192.168.1.3 -C DC=adminusers,DC=Windows, DC=Domain -k ou=winusers,o=org -r ntuserls.yaml > maptrustees.yaml

    The maptrustees command uses LDAP to retrieve the user attributes from Active Directory.

    Use the -C option to specify the Administrator user context.

    All Windows users are migrated into a single eDirectory container specified by the -k option (ou=winusers.o=org in this example).

    The -r option is for generating random passwords. If this option is used, each user is assigned a random password stored in the maptrustees output file (maptrustees.yaml in this example). If you want to assign users specific passwords, use the -S option instead of the -r option.

  5. Migrate/create the mapped users in the target eDirectory tree:

    migtrustees -d 192.168.1.67 maptrustees.yaml

  6. Map the Windows users’ rights to their files and folders to eDirectory/NSS trustee rights:

    ntfsmap -n -k ou=winusers,o=org -V NSSVOL ntfsmls.yaml > ntfsmap.yaml

    If you are migrating to a target NCP volume, omit the -n option:

    ntfsmap -k ou=winusers,o=org -V NCPVOL ntfsmls.yaml > ntfsmap.yaml

  7. Migrate/assign the eDirectory/NSS trustee rights on the target volume:

    migrights -i ntfsmap.yaml > migrights.yaml

15.2.4 Limitations

Be aware of the following limitations when migrating file system data from Windows to OES 2 Linux:

  • The Active Directory hierarchy is not maintained. All Windows users are migrated into a single eDirectory container.

  • The OES migration tool support the migration of Windows users and groups only. They do not support the migration of other Active Directory objects.

  • Migration of a Windows Encrypted File System (EFS) is not supported in this release of the OES migration tool.

  • Only the following Windows user attributes are migrated:

    • description
    • mail
    • facsimileTelephoneNumber
    • fullName
    • givenName
    • initials
    • language
    • physicalDeliveryOfficeName
    • postOfficeBox
    • postalCode
    • st
    • street
    • telephoneNumber
    • title

  • Windows Allow rights are supported, but not Deny rights.

  • The OES migration tool do not migrate file sharing permissions, only user rights assigned in the security permissions.

  • The OES migration tool do not support special Windows file types such as DFS junctions, shortcuts, and so on.

15.2.5 Troubleshooting

If the CIFS mount fails during the migfiles operation, try using the mount.cifs command to resolve issues related to mounting the source share.

If migfiles fails to unmount the Windows share from /tmp/migrate, use the following command to unmount the source share:

umount -i /tmp/migrate