[PATCH: Domain backup samba-tool command]

Andrew Bartlett abartlet at samba.org
Thu May 10 18:47:11 UTC 2018

On Fri, 2018-03-23 at 07:32 +0100, Stefan Metzmacher via samba-
technical wrote:
> Am 23.03.2018 um 05:59 schrieb Aaron Haslett via samba-technical:
> > The exists shell script for backing up a domain doesn't lock things
> > properly while doing the backup and could end up with a corrupt backup
> > or cause a lockup.  Here's a new python script that actually works,
> > along with tests and required fixes.
> I haven't looked into this in detail, but I have a few questions/comments:
> - Can you write down in words would the new command is supposed to do?
> - The most important part of a backup is always the restore!
>   I come across a few sites already, which tried to restore
>   DCs from a VM snapshot and corrupted the replication state.
>   I think we really need a corresponding restore command
>   and make it relatively hard to restore the backup without
>   using the restore command.
>   The restore command should also do this on the backup databases:
>   - reset highestCommittedUSN to 1 and invent a new invocationID
>     that will be used for further replPropertyMetaData stamps
>   - samba-tool domain demote --remove-other-dead-server for all
>     servers
>   - create a new machine account and NTDSDsa object (with the new
>     invocationID)
>   - samba-tool fsmo seize for all roles
>   - change the krbtgt passwords twice
>   So that the restored domain will never replicate with any existing
>   DC, as it's only a last resort if really all DCs are broken.
> Can you please read through the C related patches and fix
> tab vs. whitespaces or missing whitespaces.

Just a heads-up that I plan to review arron's more recent evolution of
this work soon. 

The current WIP is here 


A number of the patches here are ready.  The concerns addressed above
are really critical and will be covered by the comprehensive restore
tool.  We have a client very keen to be able to safely, automatically
restore their network so having this fully automated is really
important, and I thank you for insisting on it (thankfully it was also
our plan all along). 

I understand Rowland's query on xattrs has also been dealt with. 

In the short term I've start with the keytab fix and a patch (currently
in the WIP patch) that causes samba to refuse to start from a simple
untar of the backup.  This will allow the backup tool to be safely
merged while addressing the 'it must not be trivial to do an un-
authoritative restore' requirement. 


Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list