samba-tool domain backup and xattrs

Andrew Bartlett abartlet at
Sun Apr 8 22:10:28 UTC 2018

On Sun, 2018-04-08 at 13:31 +0100, Rowland Penny via samba-technical
> On Sun, 08 Apr 2018 20:57:01 +1200
> Andrew Bartlett <abartlet at> wrote:
> > On Sun, 2018-04-08 at 09:08 +0100, Rowland Penny wrote:
> > 
> > > Where can I read Metze's restoration steps ?
> > 
> >
> > 
> > Andrew Bartlett
> OK, I must have missed that, it also provided me with the answer to
> where '-r' came from ;-)
> firstly, I think the tdbbackup changes need to be proposed as a single
> patch, if the present tdbbackup isn't safe, it should be made safe.

It isn't unsafe, it is just inoperative while a transaction lock is
outstanding.  That -r switch (use read locks) in turn is the most
practical way to get a lock over all the databases, so the simpliest
way forward was to add a new mode to tdbbackup.  

That change is a distinct commit in the patch set, and the version of
Samba using this change will rely on the version of tdb with that

> Now we come to Metze's comments:

> > The restore command should also do this on the backup databases:
> > - reset highestCommittedUSN to 1 and invent a new invocationID
> >   that will be used for further replPropertyMetaData stamps


> This wouldn't really be a restore, it would nearly be creating a new
> domain from existing data as 'classicupgrade' does.

> I have been looking into how windows deals with this situation and
> found this:
> It talks about two types of recovery without a working DC,
> 'Non-authoritative' & 'Authoritative'. Metze seems to want something
> similar to an 'Authoritative' restore, but, at the bottom of the page,
> there is this note:

Yes, both the client requesting the feature and Metze have requested an
authoritative restore. 

> Because the only case in which you would restore a domain controller
> from the backup image is when all domain controllers have been lost,
> authoritative restores should not be needed.

Yes, that is exactly what our client needs this for: when the domain is
'lost' due to replication corruption and needs to be re-built from a
known good backup.

I hope this clarifies things,

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team
Samba Development and Support, Catalyst IT

More information about the samba-technical mailing list