[PATCH: Domain backup samba-tool command]
abartlet at samba.org
Thu May 10 18:47:11 UTC 2018
On Fri, 2018-03-23 at 07:32 +0100, Stefan Metzmacher via samba-
> Am 23.03.2018 um 05:59 schrieb Aaron Haslett via samba-technical:
> > The exists shell script for backing up a domain doesn't lock things
> > properly while doing the backup and could end up with a corrupt backup
> > or cause a lockup. Here's a new python script that actually works,
> > along with tests and required fixes.
> I haven't looked into this in detail, but I have a few questions/comments:
> - Can you write down in words would the new command is supposed to do?
> - The most important part of a backup is always the restore!
> I come across a few sites already, which tried to restore
> DCs from a VM snapshot and corrupted the replication state.
> I think we really need a corresponding restore command
> and make it relatively hard to restore the backup without
> using the restore command.
> The restore command should also do this on the backup databases:
> - reset highestCommittedUSN to 1 and invent a new invocationID
> that will be used for further replPropertyMetaData stamps
> - samba-tool domain demote --remove-other-dead-server for all
> - create a new machine account and NTDSDsa object (with the new
> - samba-tool fsmo seize for all roles
> - change the krbtgt passwords twice
> So that the restored domain will never replicate with any existing
> DC, as it's only a last resort if really all DCs are broken.
> Can you please read through the C related patches and fix
> tab vs. whitespaces or missing whitespaces.
Just a heads-up that I plan to review arron's more recent evolution of
this work soon.
The current WIP is here
A number of the patches here are ready. The concerns addressed above
are really critical and will be covered by the comprehensive restore
tool. We have a client very keen to be able to safely, automatically
restore their network so having this fully automated is really
important, and I thank you for insisting on it (thankfully it was also
our plan all along).
I understand Rowland's query on xattrs has also been dealt with.
In the short term I've start with the keytab fix and a patch (currently
in the WIP patch) that causes samba to refuse to start from a simple
untar of the backup. This will allow the backup tool to be safely
merged while addressing the 'it must not be trivial to do an un-
authoritative restore' requirement.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical