samba - Nov 2019 - Cloning from a backup: unable to reach any KDC in realm

On Fri, 2019-11-15 at 20:16 +0000, Don Kuenz via samba
wrote:
>  
> Greetings,
> 
> This post pertains to a Disaster Recovery (DR) scenario on a Samba
> 4.8 
> server. The DR server was provisioned as a standalone host, on a 
> network isolated from the Production Server (PS).
>     The DR's /var/db/samba4 directory, which contains the private
> directory, was then renamed and replaced with the PS' /var/db/samba4
> backup. kinit now fails on the DR  with:
> 
> kinit: krb5_get_init_creds: unable to reach any KDC in realm
> PRODUCTION
> 
> Will   samba_dnsupdate --verbose   resolve this situation?
> Is there a way for the DR host to seize the KDC?
> What is the correct procedure to provision and clone a DR host from a
> backup?
The correct procedure is 
https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC

Just copying the files isn't advised, to start with a lock needs to be
taken over all the files to ensure a stable backup, which can only be
taken with the correct tools, unless the server has been stopped.

Andrew Bartlett
-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba