I use Louis' scripts from https://github.com/thctlo/samba4 to backup my DCs per cronjob. Can't remember when but I remember someone (Louis himself?) to notice that his backup script wasn't good enough anymore or something. The Samba Wiki brings this: https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC So what is the recommended way to automate this? Run the command for the online-backup from a script, with the password in the script? What is best practice here? Thanks in advance, Stefan
On 07/12/2022 07:43, Stefan G. Weichinger via samba wrote:> > I use Louis' scripts from https://github.com/thctlo/samba4 to backup my > DCs per cronjob. > > Can't remember when but I remember someone (Louis himself?) to notice > that his backup script wasn't good enough anymore or something. > > The Samba Wiki brings this: > > https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC > > So what is the recommended way to automate this? > > Run the command for the online-backup from a script, with the password > in the script? > > What is best practice here? Thanks in advance, Stefan >The best practise was to use kerberos, but all the recent changes seem to have stopped this working. It now requires the 'cifs/FQDN' SPN to backup Sysvol, so it appears that you can no longer use a users ticket. Using a user that is a member of Domain Admins (and their password) does work, but that means the password is sent over the wire. Rowland
On Wed, 2022-12-07 at 08:43 +0100, Stefan G. Weichinger via samba wrote:> I use Louis' scripts from https://github.com/thctlo/samba4 to backup my > DCs per cronjob. > > Can't remember when but I remember someone (Louis himself?) to notice > that his backup script wasn't good enough anymore or something. > > The Samba Wiki brings this: > > https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC > > So what is the recommended way to automate this? > > Run the command for the online-backup from a script, with the password > in the script? > > What is best practice here? Thanks in advance, Stefan >samba-tool domain backup offline should be entirely reasonable to run from cron. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba