How to backup samba4

steve steve at steve-ss.com
Fri Aug 24 03:24:23 MDT 2012 

On 08/23/2012 11:08 PM, Andrew Bartlett wrote:
> On Thu, 2012-08-23 at 15:54 -0500, Ricky Nance wrote:
>> - What do I have to backup from samba (byside the data on the shares) to
>> restore the whole AD if neccessary? (/usr/local/samba/private|etc|**var +
>> sysvol + netlogon folder?
>>
>> Lets say you have your samba4 install at /usr/local/samba, you will need to
>> backup (at a minimum) /usr/local/samba/etc, /usr/local/samba/private
>> and /usr/local/samba/sysvol (which has been moved in later release
>> to /usr/local/samba/var/locks/sysvol). Its really important to ensure that
>> you backup ACL's as they are stored on the filesystem not in a tdb or ldb
>> (unless you have this in your config, again not recommended). If you don't
>> get the ACL's backed up, then you are in for a LONG restore, however I
>> think Andrew is working on some samba-tool commands to make this a bit
>> easier for future installs, but even then it will not know what you have on
>> your current install, so at best it will only do defaults. Currently in the
>> master git there is a way to restore your sysvol ACL's to default, this is
>> part of a patch for Domain Admins being able to modify/create GPO's, but
>> this code could be (and I think will be at some point) expanded to work
>> with other shares.
> What I have is a tool to reset the GPO and sysvol permissions to the
> defaults (samba-tool ntacl sysvolreset) which should be helpful.  It
> isn't possible to make this tool generic (because what permissions do
> you want!), but what we can do is write a tool to migrate ntacls between
> xattr and database formats, which could ease backup/restore in some
> situations (ie put it in a tdb just before the backup).
>
> It is better if your backup can preserve the file system extended
> attributes however.
>
>> By the way, the sysvol directory by default has all the GPO's and your
>> netlogon info, so there is no need to backup sysvol and netlogon. I have
>> not seen any case where var, include, share, lib, bin or sbin need to be
>> backed up, but if you are paranoid, they normally aren't too large. I have
>> a couple of large msi files (around 350mb) sitting in my GPO's and my
>> entire samba directory is only 605mb. I have around 350 users and 250
>> machines. It is also worth mentioning if you are using bind9 dlz, you need
>> to backup the symlinks exactly in private/dns, otherwise your restore will
>> work fine, but your zones won't update with your AD.
>>
>> Hope this has answered your questions,
>> Ricky
> Thanks for the extra hints!
>
> Andrew Bartlett
>
Hi
To backup I rsync /usr/local/samba to an ext4 formatted disk.
Is this OK as a backup?
Cheers,
Steve

More information about the samba-technical mailing list