Maybe a stupid and tangential question, but ... Are there best practices for how to setup backup routines on a Samba file server when all the users are managed by AD? Files are owned by users and typically the group "Domain Users". I often read that backup routines should be set up using a non-root user set up for backups only, but that is always for a linux environment. Does the same apply when everything is in AD even though the backup program is actually running on the Linux machine?
On 13 March 2021 15:59 Marco Shmerykowsky wrote:> Maybe a stupid and tangential question, but ... > > Are there best practices for how to setup backup routines > on a Samba file server when all the users are managed > by AD? > > Files are owned by users and typically the group > "Domain Users". I often read that backup routines > should be set up using a non-root user set up for > backups only, but that is always for a linux environment. > > Does the same apply when everything is in AD even though > the backup program is actually running on the Linux machine?Take a look at BackupPC (https://backuppc.github.io/backuppc/) - I've found it very good. Roy
All my fileshares are backed by ZFS. There are tons of open source utilities to automatically snapshot and replicate ZFS datasets to other boxes. You can even expose those snapshots to Windows using the shadowcopy VFS module so users can recover things themselves. While I haven't done it, I'm sure you can store the Samba databases on a ZFS dataset as well to ensure you have backups. If not, it looks like samba-tool can easily 'snapshot' and dump data wherever you want: https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC#Online_DC_backup -A On Sat, Mar 13, 2021 at 7:59 AM Marco Shmerykowsky via samba < samba at lists.samba.org> wrote:> Maybe a stupid and tangential question, but ... > > Are there best practices for how to setup backup routines > on a Samba file server when all the users are managed > by AD? > > Files are owned by users and typically the group > "Domain Users". I often read that backup routines > should be set up using a non-root user set up for > backups only, but that is always for a linux environment. > > Does the same apply when everything is in AD even though > the backup program is actually running on the Linux machine? > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Whatever you end using, test a restore. Especially if you have complex NT ACLs, and you know how Windows sysadmins love to create those. I remember a case of some installation doing backups using remote rsync and snapshots and the moment they had to use it, they didn't backed up the NT ACLs. entirely. Samba could be using extra EAs for them and the way rsync and other tools backup EAs must be tested with a restore. On Sat, Mar 13, 2021, 11:59 AM Marco Shmerykowsky via samba < samba at lists.samba.org> wrote:> Maybe a stupid and tangential question, but ... > > Are there best practices for how to setup backup routines > on a Samba file server when all the users are managed > by AD? > > Files are owned by users and typically the group > "Domain Users". I often read that backup routines > should be set up using a non-root user set up for > backups only, but that is always for a linux environment. > > Does the same apply when everything is in AD even though > the backup program is actually running on the Linux machine? > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >