I would strongly recommend against this 'solution'. Unless you lock
the Samba DB during the backup, you cannot know that the DB is in a
consistent state to take the backup.
The same concerns expressed for PostgreSQL apply to Samba:
https://www.postgresql.org/docs/9.1/backup-file.html
Andrew Bartlett
On Fri, 2021-03-19 at 13:17 -0500, Christopher Wensink via samba wrote:
> We accomplish what you're asking without asking for an admin password,
> but it's not done through samba-tool. We have an external Synology NAS
> device with 72 TB of total storage, that remotely connects into the
> samba file share machine each night, and takes a file system backup.
> It additionally takes a full VM backup each night via a system snapshot.
>
> There is no direct connection for the samba machine to connect to the
> Synology, the Synology is reaching in and pulling out backups, this way
> if the samba file share machine is compromised it will not affect the
> backup machine. DSM w/ Active Backup for Business has worked pretty
> well for us, and there are options to simply use rsync on a shell on
> the device if you want to do things that way too. We went with a 12 bay
> Rackmount model, but there are consumer budget friendly devices
> available that have the same functionality.
>
> Chris
>
> On 3/19/2021 1:10 PM, Andrew Bartlett via samba wrote:
> > On Thu, 2020-04-30 at 10:27 -0300, Daniel Lopes de Carvalho via samba wrote:
> > > Hi
> > >
> > > I'm looking for a way to automate samba online backup with cron and
> > > without asking admin password. I wish to have a daily backup from my AD.
> > >
> > > Is there a way to exec samba-tool domain backup without password or do I
> > > need to export an admin keytab or something like that?
> > >
> > > Thanks
> > (sorry for the late reply)
> >
> > In theory a keytab might work, and from there something that refreshes
> > a credentials cache, but that is as sensitive as a password anyway.
> >
> > An offline backup is what you want in cron, and we are currently
> > tidying up some of the rough edges on that. If you see any issues
> > using the offline backup in your situation please file a bug. We are
> > fixing the incompatibility with BIND9_DLZ.
> >
> > I hope this clarifies things,
> >
> > Andrew Bartlett
> >
>
> --
> Christopher Wensink
> IS Administrator
> Five Star Plastics, Inc
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source Solutions