Hi all,

I'm about to set up disaster recovery for the domain and followed
https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC
(as I am using Samba 4.13.5).

First I went for the online backup (which works), but AFAICS it requires
administrator authentication and is thus not really suited for
automated backups via a cronjob.

When I tried "samba-tool domain backup offline" however, this fails:

root at dc1:~# samba-tool domain backup offline --targetdir=/root/samba-backup
running backup on dirs: /var/lib/samba/private /var/lib/samba /etc/samba
Starting transaction on /var/lib/samba/private/secrets
Starting transaction on /var/lib/samba/private/sam.ldb
backing up /var/lib/samba/private/sam.ldb
backing up locked/related file /var/lib/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=XXX.ldb
backing up locked/related file /var/lib/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=XXX.ldb
copying locked/related file /var/lib/samba/private/sam.ldb.d/metadata.tdb
backing up locked/related file /var/lib/samba/private/sam.ldb.d/DC=XXX.ldb
backing up locked/related file /var/lib/samba/private/sam.ldb.d/DC=FORESTDNSZONES,DC=XXX.ldb
backing up locked/related file /var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=XXX.ldb
running tdbbackup on lone tdb file /var/lib/samba/private/netlogon_creds_cli.tdb
tdb_mutex_open_ok[/var/lib/samba/private/netlogon_creds_cli.tdb]: Can use mutexes only with MUTEX_LOCKING or NOLOCK
Failed to open /var/lib/samba/private/netlogon_creds_cli.tdb
Starting transaction on solo db: /var/lib/samba/private/privilege.ldb
running tdbbackup on the same file
Starting transaction on solo db: /var/lib/samba/private/share.ldb
running tdbbackup on the same file
Starting transaction on solo db: /var/lib/samba/private/hklm.ldb
running tdbbackup on the same file
running tdbbackup on lone tdb file /var/lib/samba/private/schannel_store.tdb
Starting transaction on solo db: /var/lib/samba/private/idmap.ldb
running tdbbackup on the same file
running tdbbackup on lone tdb file /var/lib/samba/registry.tdb
running tdbbackup on lone tdb file /var/lib/samba/share_info.tdb
running tdbbackup on lone tdb file /var/lib/samba/account_policy.tdb
running tdbbackup on lone tdb file /var/lib/samba/winbindd_cache.tdb
running tdbbackup on lone tdb file /var/lib/samba/private/netlogon_creds_cli.tdb
tdb_mutex_open_ok[/var/lib/samba/private/netlogon_creds_cli.tdb]: Can use mutexes only with MUTEX_LOCKING or NOLOCK
Failed to open /var/lib/samba/private/netlogon_creds_cli.tdb
Starting transaction on solo db: /var/lib/samba/bind-dns/dns/sam.ldb
module samba_dsdb initialization failed : Operations error
Unable to load modules for /var/lib/samba/bind-dns/dns/sam.ldb: partition_metadata: Migrating partition metadata: create of metadata.tdb gave: partition_metadata: Unable to create /var/lib/samba/bind-dns/dns/sam.ldb.d/metadata.tdb: Device or resource busy
ERROR(ldb): uncaught exception - partition_metadata: Migrating partition metadata: create of metadata.tdb gave: partition_metadata: Unable to create /var/lib/samba/bind-dns/dns/sam.ldb.d/metadata.tdb: Device or resource busy
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain_backup.py", line 1082, in run
    ldb_obj = Ldb(path, lp=lp)
  File "/usr/lib/python3/dist-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)

The wiki says:

  Note that despite this option's name, the DC does not actually need to
  be offline when running this command

Is that still true? Should I be doing it differently?

Greetings,
Stefan

-- 
Stefan Bellon

On Wed, 2021-04-07 at 10:22 +0200, Stefan Bellon via samba wrote:
> Hi all,
>
> I'm about to set up disaster recovery for the domain and followed
> https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC
> (as I am using Samba 4.13.5).
>
> First I went for the online backup (which works), but AFAICS it requires
> administrator authentication and is thus not really suited for
> automated backups via a cronjob.
>
> When I tried "samba-tool domain backup offline" however, this fails:
>
> module samba_dsdb initialization failed : Operations error
> Unable to load modules for /var/lib/samba/bind-dns/dns/sam.ldb: partition_metadata: Migrating partition metadata: create of metadata.tdb gave: partition_metadata: Unable to create /var/lib/samba/bind-dns/dns/sam.ldb.d/metadata.tdb: Device or resource busy
>
> ERROR(ldb): uncaught exception - partition_metadata: Migrating partition metadata: create of metadata.tdb gave: partition_metadata: Unable to create /var/lib/samba/bind-dns/dns/sam.ldb.d/metadata.tdb: Device or resource busy
>
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/domain_backup.py", line 1082, in run
>     ldb_obj = Ldb(path, lp=lp)
>   File "/usr/lib/python3/dist-packages/samba/__init__.py", line 115, in __init__
>     self.connect(url, flags, options)
>
> The wiki says:
>
>   Note that despite this option's name, the DC does not actually need to
>   be offline when running this command
>
> Is that still true? Should I be doing it differently?

This is still true, your issue is just a bug, see
https://bugzilla.samba.org/show_bug.cgi?id=14027

Sorry for the trouble, we hope our backup tooling will have a few less
edges shortly, thanks to the tireless work of Joseph Sutton who joined
my team at Catalyst recently.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT   https://catalyst.net.nz/services/samba

On 07/04/2021 09:22, Stefan Bellon via samba wrote:
> Hi all,
>
> I'm about to set up disaster recovery for the domain and followed
> https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC
> (as I am using Samba 4.13.5).
>
> First I went for the online backup (which works), but AFAICS it requires
> administrator authentication and is thus not really suited for
> automated backups via a cronjob.
>
> When I tried "samba-tool domain backup offline" however, this fails:

You have hit a known bug, which has just been fixed, so it should be in
the next releases of 4.13 and 4.14.

You can use the online backup from cron, just create a script (if you
cannot, talk nicely and I will give you a copy of mine), basically it
boils down to using Kerberos and adding '-N' to the command.

Rowland

Hai,

Is this also known: if you have already authenticated with Kerberos, you
need to re-enter the SMB password.

kinit Administrator
samba-tool domain backup online --server=dc1.$(hostname -d) \
    --targetdir=/root/samba-backup -k yes

That runs but ... also has a small error. :-(

... this ... This comes later on:

Backing up sysvol files (via SMB)...
Password for [Administrator at REALM_HERE]:

Since I authenticated with Kerberos already, I would not have expected a
password question here. :-/

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland penny via samba
> Sent: Wednesday, 7 April 2021 10:53
> To: samba at lists.samba.org
> Subject: Re: [Samba] samba-tool domain backup offline fails
>
> On 07/04/2021 09:22, Stefan Bellon via samba wrote:
> > Hi all,
> >
> > I'm about to set up disaster recovery for the domain and followed
> > https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC
> > (as I am using Samba 4.13.5).
> >
> > First I went for the online backup (which works), but AFAICS it requires
> > administrator authentication and is thus not really suited for
> > automated backups via a cronjob.
> >
> > When I tried "samba-tool domain backup offline" however, this fails:
>
> You have hit a known bug, which has just been fixed, so it should be in
> the next releases of 4.13 and 4.14.
>
> You can use the online backup from cron, just create a script (If you
> cannot, talk nicely and I will give you a copy of mine) , basically it
> boils down to using kerberos and adding '-N' to the command.
>
> Rowland
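
An added example, not part of any message in this thread and not Rowland's script: a cron wrapper for the online backup that uses the `-k yes` and `-N` options mentioned above, refuses a keytab readable by group or others, keeps the ticket in a private cache, and treats "no new file" or an `ERROR(` line in the output as failure. The keytab path, principal, server name and target directory are assumptions, as is the existence of a keytab for the backup principal.

```shell
#!/bin/sh
# Added example: unattended "samba-tool domain backup online" for cron.
# Assumed values (not from the thread): keytab path, principal, server.
KEYTAB=${KEYTAB:-/root/backup.keytab}
PRINCIPAL=${PRINCIPAL:-Administrator}
SERVER=${SERVER:-dc1.example.com}
TARGETDIR=${TARGETDIR:-/root/samba-backup}
KINIT=${KINIT:-kinit}                  # overridable so the logic can be tested
SAMBA_TOOL=${SAMBA_TOOL:-samba-tool}

run_backup() {
    # The keytab is as good as the password: refuse group/other access.
    mode=$(stat -c '%a' "$KEYTAB" 2>/dev/null) || { echo "no keytab" >&2; return 2; }
    case "$mode" in
        *00) ;;
        *) echo "keytab mode $mode is too open" >&2; return 2 ;;
    esac

    work=$(mktemp -d) || return 2
    KRB5CCNAME="FILE:$work/ccache"; export KRB5CCNAME   # private ticket cache
    before=$(ls -1 "$TARGETDIR" 2>/dev/null)
    rc=0
    if ! "$KINIT" -k -t "$KEYTAB" "$PRINCIPAL"; then
        rc=3
    # -N: never prompt; stdin is /dev/null so a stray prompt reads EOF
    # instead of hanging the cron job.
    elif ! "$SAMBA_TOOL" domain backup online --server="$SERVER" \
            --targetdir="$TARGETDIR" -k yes -N </dev/null >"$work/log" 2>&1; then
        rc=4
    elif grep -q 'ERROR(' "$work/log"; then
        rc=4                           # exit status 0 but an error was logged
    elif [ "$before" = "$(ls -1 "$TARGETDIR" 2>/dev/null)" ]; then
        rc=5                           # tool reported success, nothing written
    fi
    # On failure, pass the tool output to stderr so cron mails it.
    [ "$rc" -eq 0 ] || [ ! -f "$work/log" ] || cat "$work/log" >&2
    rm -rf "$work"                     # removes the ticket cache as well
    unset KRB5CCNAME
    return "$rc"
}

# Only act when asked to, so the file can be sourced for testing.
if [ "${1:-}" = "--run" ]; then run_backup; fi
```

Invoke it from cron with `--run`; a non-zero exit status distinguishes keytab problems (2), failed authentication (3), a failed or error-logging backup (4) and a run that produced no new file (5).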