samba-tool domain backup and xattrs

Rowland Penny rpenny at
Mon Apr 9 10:08:31 UTC 2018

On Mon, 09 Apr 2018 21:27:25 +1200
Andrew Bartlett <abartlet at> wrote:

> On Mon, 2018-04-09 at 09:11 +0100, Rowland Penny wrote:
> > No, it says to me that because a Catalyst client wants to do an
> > 'Authoritative' restore, everybody must do so, even though this is
> > totally unnecessary.
> > 
> > If you have a good backup of ANY DC, you just need to restore this
> > to the DC it came from (same FQDN, IP) and it will work. Yes, you
> > will have to remove all the other dead DCs and seize the FSMO
> > roles, but it would work.
> Now I'm confused, Isn't what you describe just what metze asked for
> and what I've said we are implementing?

No, I am talking about a proper process:

Run the restore script, which will do nothing if other DCs are detected.
If no other DCs, restore the DC.
Run (separately) 'samba-tool domain demote --remove-other-dead-server='
for any other DCs (no point in re-inventing the wheel)
Check FSMO roles and seize any not held by this DC.

You will then have a working DC (provided the backup was taken from a
'good' DC)

> Beyond that I think perhaps we should park this in any case until
> Aaron has a chance to finish his tool.  He is working on the xattr
> requirement and I'm very glad this was raised as it was overlooked at
> the requirements stage. 

I do hope he going to change the very large mistake that is in the
previously version posted, the one that makes the 'sh' script useless
to distros.


More information about the samba-technical mailing list