I have a few Samba 4.2 DCs in production now and figured that I should do something about backups.

I have read https://wiki.samba.org/index.php/Backup_and_restore_an_Samba_AD_DC and had a look through the samba_backup script and have a few questions.

Firstly I am using the Sernet packages on Centos7.

I am assuming the following mappings from the script for my set up
/usr/local/samba/etc is /etc/samba
/usr/local/samba/private is /var/lib/samba/private
/usr/local/samba/sysvol is /var/lib/samba/sysvol

Does this look correct?

The samba_backup script does a tdbbackup of ldb files. In my case that would be the following:
[root at dc02 ~]# cd /var/lib/samba/
[root at dc02 samba]# find . -name "*.ldb"
./private/sam.ldb
./private/privilege.ldb
./private/share.ldb
./private/idmap.ldb
./private/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/dns/sam.ldb
./private/dns/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/dns/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/dns/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/dns/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/dns/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/hklm.ldb
./private/secrets.ldb

The script then does a tar of the /usr/local/samba (/var/lib/samba in my case) excluding the *.ldb files, but including the *.ldb.bak files, which all makes sense.

But there are also the following tdb files in the /var/lib/samba directory.
[root at dc02 ~]# cd /var/lib/samba/
[root at dc02 samba]# find . -name "*.tdb"
./share_info.tdb
./private/randseed.tdb
./private/sam.ldb.d/metadata.tdb
./private/dns/sam.ldb.d/metadata.tdb
./private/secrets.tdb
./private/smbd.tmp/msg/names.tdb
./private/netlogon_creds_cli.tdb
./private/schannel_store.tdb
./registry.tdb
./winbindd_cache.tdb
./account_policy.tdb

The script will include these in the backup without doing a tdbbackup which I would not have thought was safe? Should these files be excluded or have a tdbbackup done like the ldb files, or am I totally missing something?

Regards

Mike

Here's what I do before tar'ring:

find / -mount -type d -path /etc/samba-JMF -prune -o -name \*.tdb -exec tdbbackup {} \;
find / -mount -name \*.tdb.bak -exec ls -l {} \; # (log .bak updates)

This gets all the tdb files on the root filesystem, excluding mounted drives (-mount) and excluding tdb files I have in /etc/samba-JMF which is an old installation folder that I should probably delete anyway. Still, the example would show you what to do if you *don't* want to back up some tdb's.

The 2nd find just logs the date/time of the tdb.bak files to the tarfile job log.

For good measure, I also stop samba during the tar backup, which only takes 18 minutes (differential) on my system. But, I understand this is not necessary (though it might spare me from having to actually apply the tdb.bak files should I need to restore?)

Also don't forget to back up ACLs and ATTRs unless your version of tar preserves these. Mine does not:

getfattr -dR /redirectedFolders /var/lib/samba/sysvol /var/lib/samba/share
getfacl -R /redirectedFolders /var/lib/samba/sysvol /var/lib/samba/share

--Mark

-----Original Message-----
> Date: Tue, 01 Sep 2015 14:59:20 +1200
> From: "Brady, Mike" <mike.brady at devnull.net.nz>
> To: samba at lists.samba.org
> Subject: [Samba] Samba 4 DC backups

and most important...

If you have 2 DC's ...
! NEVER USE THE BACKUP SCRIPT TO RESTORE ONE OF THE DC's !

This will corrupt your AD databases..
Just remove the old DC from the domain and add a new one if needed.

.. Rowland.
This is also a nice to have in your backup script.
Auto detect multiple DC's, we have that already in other scripts.
In case of multiple DC's, backup yes, restore no, display warning.. etc.
something like that..

You can add it to the backup script "wishlist" ;-)

Greetz,

Louis

>-----Original message-----
>From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Brady, Mike
>Sent: Tuesday 1 September 2015 04:59
>To: samba at lists.samba.org
>Subject: [Samba] Samba 4 DC backups

On 01/09/15 07:48, L.P.H. van Belle wrote:
> and most important...
>
> If you have 2 DC's ...
> ! NEVER USE THE BACKUP SCRIPT TO RESTORE ONE OF THE DC's !
>
> This will corrupt your AD databases..
> Just remove the old DC from the domain and add a new one if needed.
>
> .. Rowland.
> This is also a nice to have in your backup script.
> Auto detect multiple DC's, we have that already in other scripts.
> In case of multiple DC's, backup yes, restore no, display warning.. etc.
> something like that..
>
> You can add it to the backup script "wishlist" ;-)
>
> Greetz,
>
> Louis

Hi Louis, I do it another way, my script will backup everything, but I have written a restore script which flat out refuses to restore anything if another DC is running.

Rowland

Mark

OK, so you are doing the exact opposite of what the samba_backup script does with regards to ldb and tdb files, but then you are shutting down Samba to do a backup anyway so it doesn't really matter what you are doing in this regard.

I want a consistent backup while Samba is running.

Regards

Mike

On 2015-09-01 16:08, Mark Foley wrote:
> Here's what I do before tar'ring:
>
> find / -mount -type d -path /etc/samba-JMF -prune -o -name \*.tdb -exec tdbbackup {} \;
> find / -mount -name \*.tdb.bak -exec ls -l {} \; # (log .bak updates)
>
> This gets all the tdb files on the root filesystem, excluding mounted drives
> (-mount) and excluding tdb files I have in /etc/samba-JMF which is an old
> installation folder that I should probably delete anyway. Still, the example
> would show you what to do if you *don't* want to back up some tdb's.
>
> The 2nd find just logs the date/time of the tdb.bak files to the tarfile job
> log.
>
> For good measure, I also stop samba during the tar backup, which only takes 18
> minutes (differential) on my system. But, I understand this is not necessary
> (though it might spare me from having to actually apply the tdb.bak files should
> I need to restore?)
>
> Also don't forget to back up ACLs and ATTRs unless your version of tar preserves
> these. Mine does not:
>
> getfattr -dR /redirectedFolders /var/lib/samba/sysvol /var/lib/samba/share
> getfacl -R /redirectedFolders /var/lib/samba/sysvol /var/lib/samba/share
>
> --Mark

On 2015-09-01 18:48, L.P.H. van Belle wrote:
> and most important...
>
> If you have 2 DC's ...
> ! NEVER USE THE BACKUP SCRIPT TO RESTORE ONE OF THE DC's !
>
> This will corrupt your AD databases..
> Just remove the old DC from the domain and add a new one if needed.
>
> .. Rowland.
> This is also a nice to have in your backup script.
> Auto detect multiple DC's, we have that already in other scripts.
> In case of multiple DC's, backup yes, restore no, display warning.. etc.
> something like that..
>
> You can add it to the backup script "wishlist" ;-)
>
> Greetz,
>
> Louis

Hi Louis

Yes I am aware of that. As I said I have read the wiki page https://wiki.samba.org/index.php/Backup_and_restore_an_Samba_AD_DC which makes this quite clear. Not that I needed to be told the consequences of copying a running database file :-)

But unless I am completely misreading the samba_backup script, that is exactly what it is doing for the *.tdb files that I have listed above. So either the *.tdb files should be excluded or they need to be backed up using tdbbackup. Either way the samba_backup script looks wrong to me.

Regards

Mike

On Tue, 2015-09-01 at 14:59 +1200, Brady, Mike wrote:
> The script will include these in the backup without doing a tdbbackup
> which I would not have thought was safe? Should these files be excluded
> or have a tdbbackup done like the ldb files, or am I totally missing
> something?

You are entirely correct. Any chance of a patch?

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

On 2015-09-05 21:14, Andrew Bartlett wrote:
> On Tue, 2015-09-01 at 14:59 +1200, Brady, Mike wrote:
>
>> The script will include these in the backup without doing a tdbbackup
>> which I would not have thought was safe? Should these files be excluded
>> or have a tdbbackup done like the ldb files, or am I totally missing
>> something?
>
> You are entirely correct. Any chance of a patch?
>
> Thanks,
>
> Andrew Bartlett

Sorry, but no. I don't know Perl and I am not actually using the script. I was just looking for info on how to do backups correctly in my environment.

I am using Bacula for backups, so the Bacula fileset determines what goes in the backup and I have a Python script that does the tdbbackup.

Happy to share the Python script if anyone wants it, but it is hard coded with the specifics of my environment (Centos 7/Sernet packages/Bacula) and just runs the tdbbackup on all the ldb/tdb files and does nothing else.

Regards

Mike
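
An added example, not part of the thread and neither the samba_backup script nor Mike's Python script: one way to take the running-server backup discussed above is to run tdbbackup over every *.ldb and *.tdb file, stop if any copy fails, and archive only the .bak copies plus the non-database files. The function names, the TDBBACKUP override and the two path arguments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not the samba_backup script): hot-copy every Samba
# database with tdbbackup, then archive the copies instead of the live files.
# Function names and the TDBBACKUP override are assumptions for illustration.

TDBBACKUP=${TDBBACKUP:-tdbbackup}   # tdbbackup writes <file>.bak by default

# Run tdbbackup on every *.ldb and *.tdb under $1.
# Returns non-zero if any database could not be copied.
hot_copy_databases() {
    dblist=$(mktemp) || return 1
    find "$1" -type f \( -name '*.ldb' -o -name '*.tdb' \) > "$dblist"
    rc=0
    while IFS= read -r db; do
        # Treat a failed run or a missing/empty .bak as a failed copy.
        if ! "$TDBBACKUP" "$db" </dev/null || [ ! -s "$db.bak" ]; then
            echo "hot copy failed: $db" >&2
            rc=1
        fi
    done < "$dblist"
    rm -f "$dblist"
    return "$rc"
}

# Archive the regular files under $1 into $2 (absolute path), leaving out
# the live *.ldb / *.tdb files; the *.ldb.bak / *.tdb.bak copies go in.
archive_state_dir() {
    (
        umask 077   # the archive holds copies of secrets.ldb and secrets.tdb
        cd "$1" || exit 1
        find . -type f ! -name '*.ldb' ! -name '*.tdb' | tar -cf "$2" -T -
    )
}

# Hot copy first; only archive if every database was copied cleanly.
backup_samba_state() {
    hot_copy_databases "$1" || return 1
    archive_state_dir "$1" "$2"
}

# Example call: sh backup.sh /var/lib/samba /root/backup/samba-state.tar
if [ "$#" -eq 2 ]; then
    backup_samba_state "$1" "$2"
fi
```

This plain tar call does not store ACLs or extended attributes, so the getfattr/getfacl dump from Mark's message is still needed for sysvol.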