I am trying to determine which tdb files must be backed up in order to
perform a proper system restore. I am running Centos's
samba-4.9.1-6.el7.x86_64 as a PDC. There is a basic backup routine which
backs up all files under /var/lib/samba but this appears to be wasteful,
especially as gencache.tdb keeps growing until I delete.
I can find a Samba3 reference at
https://wiki.samba.org/index.php/TDB_Locations but it does not cover all
Samba4 files such as smbprofile.tdb. I can see gencache.tdb is not
needed - I have to delete it regularly as it keeps growing.
There was a thread in the mailing lists
https://lists.samba.org/archive/samba/2018-September/218367.html and
this seems to suggest you need nothing except
/var/lib/samba/private/{netlogon_creds_cli,secrets}.tdb or, perhaps,
just /var/lib/samba/private/secrets.tdb. Is that correct? Is anything
needed from /var/lib/samba/lock/.
I don't use printing, but is it an idea to backup everything under
/var/lib/samba/drivers and /var/lib/samba/DriverStore?
If there is a definitive document, I apologise, but ask you to link me
to it.
My directory listing is:
[root at server ~]# ls -l /var/lib/samba/*
-rw------- 1 root root??????? 421888 May 26? 2019
/var/lib/samba/account_policy.tdb
-rw-r--r-- 1 root root?????????? 295 Dec? 5 15:54 /var/lib/samba/browse.dat
-rw-r--r-- 1 root root?????? 2703360 Dec? 5 15:59
/var/lib/samba/gencache.tdb
-rw-r--r-- 1 root root?????????? 696 May 26? 2019
/var/lib/samba/login_cache.tdb
-rw------- 1 root root?????????? 696 May 26? 2019
/var/lib/samba/netsamlogon_cache.tdb
-rw------- 1 root root??????? 106496 Jul 19? 2018
/var/lib/samba/registry.tdb
-rw------- 1 root root??????? 421888 May 26? 2019
/var/lib/samba/share_info.tdb
-rw-r--r-- 1 root root??????? 471040 Dec? 5 15:59
/var/lib/samba/smbprofile.tdb
-rw------- 1 root root???????? 32768 Dec? 4 12:50
/var/lib/samba/winbindd_cache.tdb
-rw-r--r-- 1 root root?????????? 999 Dec? 5 15:59 /var/lib/samba/wins.dat
-rw------- 1 root root????????? 8192 Dec? 5 15:49 /var/lib/samba/wins.tdb
/var/lib/samba/drivers:
total 0
/var/lib/samba/DriverStore:
total 0
drwxr-xr-x 2 root root 6 May? 1? 2019 FileRepository
drwxr-xr-x 2 root root 6 May? 1? 2019 Temp
/var/lib/samba/lock:
total 2936
-rw-r--r-- 1 root root 454656 Dec? 5 15:59 brlock.tdb
-rw------- 1 root root? 16384 Oct? 3? 2017 dbwrap_watchers.tdb
-rw-r--r-- 1 root root 454656 Dec? 5 15:59 gencache_notrans.tdb
-rw-r--r-- 1 root root? 32768 Dec? 5 15:56 leases.tdb
-rw-r--r-- 1 root root 737280 Dec? 5 15:59 locking.tdb
drwxr-xr-x 2 root root??? 152 Dec? 5 15:59 msg.lock
-rw-rw---- 1 root root? 12288 Dec? 4 12:50 names.tdb
-rw-r--r-- 1 root root? 20480 Dec? 5 15:55 printer_list.tdb
-rw-r--r-- 1 root root? 16384 May? 1? 2019 serverid.tdb
-rw-r--r-- 1 root root? 16384 Dec? 5 15:58 smbd_cleanupd.tdb
-rw------- 1 root root?? 8888 Dec? 4 12:50 smbXsrv_client_global.tdb
-rw------- 1 root root? 36864 Dec? 5 15:59 smbXsrv_open_global.tdb
-rw------- 1 root root? 40960 Dec? 5 15:59 smbXsrv_session_global.tdb
-rw------- 1 root root? 24576 Dec? 5 15:59 smbXsrv_tcon_global.tdb
-rw------- 1 root root? 24576 Dec? 4 12:50 smbXsrv_version_global.tdb
/var/lib/samba/printing:
total 28
-rw------- 1 root root 28672 Oct 31? 2012 printers.tdb
/var/lib/samba/private:
total 2572
drwx------ 2 root root???? 152 Dec? 5 15:59 msg.sock
-rw------- 1 root root??? 8888 Dec? 4 12:50 netlogon_creds_cli.tdb
-rw------- 1 root root 1286144 Sep? 3? 2017 sam.ldb
-rw------- 1 root root???? 696 Dec? 4 12:50 schannel_store.tdb
-rw------- 1 root root 1286144 Sep? 3? 2017 secrets.ldb
-rw------- 1 root root?? 45056 May 27? 2014 secrets.tdb
/var/lib/samba/winbindd_privileged:
total 0
srwxrwxrwx 1 root root 0 Dec? 4 12:50 pipe
Thanks,
Nick
On 05/12/2019 17:04, Nick Howitt via samba wrote:> I am trying to determine which tdb files must be backed up in order to > perform a proper system restore. I am running Centos's > samba-4.9.1-6.el7.x86_64 as a PDC.Is this an actual NT4-style PDC, or an AD DC you are erroneously calling a PDC ? We need to know this to give you the correct help. If it is an actual PDC, then is LDAP involved ? Rowland
On 05/12/2019 17:19, Rowland penny via samba wrote:> > On 05/12/2019 17:04, Nick Howitt via samba wrote: >> I am trying to determine which tdb files must be backed up in order >> to perform a proper system restore. I am running Centos's >> samba-4.9.1-6.el7.x86_64 as a PDC. > > Is this an actual NT4-style PDC, or an AD DC you are erroneously > calling a PDC ? > > We need to know this to give you the correct help. > > If it is an actual PDC, then is LDAP involved ? > > Rowland > > > >It is an NT4-style PDC with an LDAP back end.
Hi Nick! -<| Quoting Nick Howitt via samba <nick at howitts.co.uk>, on Thursday, 2019-12-05 05:04:04 PM |>-> I am trying to determine which tdb files must be backed up in order to > perform a proper system restore. I am running Centos's > samba-4.9.1-6.el7.x86_64 as a PDC. There is a basic backup routine which > backs up all files under /var/lib/samba but this appears to be wasteful, > especially as gencache.tdb keeps growing until I delete. > > I can find a Samba3 reference at > https://wiki.samba.org/index.php/TDB_Locations but it does not cover all > Samba4 files such as smbprofile.tdb. I can see gencache.tdb is not needed - > I have to delete it regularly as it keeps growing. > > There was a thread in the mailing lists > https://lists.samba.org/archive/samba/2018-September/218367.html and this > seems to suggest you need nothing except > /var/lib/samba/private/{netlogon_creds_cli,secrets}.tdb or, perhaps, just > /var/lib/samba/private/secrets.tdb. Is that correct? Is anything needed from > /var/lib/samba/lock/.Fwiw we have been using the JSON export in production for a while now to store backups of the domain member info. It is really handy not just in backups but also for debugging and testing because the plaintext-ish input format allows manipulating values like SIDs, principals and passwords, and diffing the results. I?ve been meaning to make the effort to get it upstreamed but other tasks got in the way. In any case, you can still find the latest revision on Gitlab: https://gitlab.com/samba-team/devel/samba/commits/phgsng-net-dominfo CI: https://gitlab.com/samba-team/devel/samba/pipelines/82886036 The patches should apply cleanly on top of 4.11 cause that?s what we rolled out to customers around two weeks ago. The export only covers the domain info of a member server though so ymmv. Regards, Philipp -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20191206/ddf28413/signature.sig>