[Samba] Disaster recovery on PDC

John H Terpstra jht at samba.org
Fri Aug 27 18:15:38 GMT 2004


Felix,

You should always record the Domain SID so that you can restore it.

To obtain the Domain SID (using samba-2.2.x):
	smbpasswd -X 'Domain_Name'

The Domain SID looks like this:
	S-1-5-21-xxxxxxx-xxxxxxx-xxxxxxxx

To restore the SID on a samba-2.2.x server:
	smbpasswd -W S-1-5-21-xxxxxxx-xxxxxxx-xxxxxxxx


You should also make backup/archival copies of:
	/etc/samba/*
	/var/lib/samba/*

These should be restored on the recovery machine. Also, please make sure that 
the recovery machine has the same hostname as the original machine.

Cheers,
John T.


On Friday 27 August 2004 11:36, Fabiano Felix wrote:
> OK, if I perform a fresh install and put the old secrets.tdb, the domain
> will work fine?
>
> I use LDAP as backend; how do I put the SID in LDAP? At the moment, I'm using
> Samba 2.2.x (I can't find how to proceed).
>
> A more specific case: one of my customers uses the SUSE Linux Standard
> Server (with Samba 2.2.5 on install and after update Samba 2.2.8a), which
> provides an interface to install a PDC with LDAP and to manage the
> users/samba. On install, it creates the domain (and the secrets.tdb). In
> case of disaster recovery, if I, on install finish, stop the service (or
> turn off the network service during install) and change the secrets.tdb,
> the domain will be OK?
>
> Thanks and regards,
>
> Fabiano Felix
>
> On Aug 26, 2004 08:18 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> > On Thu, 2004-08-26 at 22:22, Fabiano Felix wrote:
> > > Hi all,
> > >
> > > I searched about disaster recovery, but I can't understand how to
> > > proceed...
> > >
> > > I perform backups on my PDC (data and configuration). My question
> > > is about secrets.tdb: according to some docs, I can't install a new
> > > server and just put the secrets.tdb on samba configuration
> > > directory, because the SID is specific. If I don't repair
> > > this file, the domain SID will be changed and the machines can't
> > > locate the domain (and I have to put it again on domain).
> > >
> > > How to proceed to repair a PDC without problems? (at the moment, I'm
> > > using Samba 2.x, but I'll migrate to 3.x).
> >
> > If you keep the same machine name, then it will not be an issue.
> >
> > If you change the machine's name, then you should note the machine's
> > sid, and follow some of the advice on this list for manually setting a
> > machine/domain SID.
> >
> > Samba 3.0 has a command in 'net' to handle this, it's messier in Samba
> > 2.2.
> >
> > If your configuration is in LDAP, we make attempts to use the Domain SID
> > maintained in LDAP, to avoid some of these issues.
> >
> > Andrew Bartlett
> >
> > --
> > Andrew Bartlett                                 abartlet at samba.org
> > Authentication Developer, Samba Team            http://samba.org
> > Student Network Administrator, Hawker College   abartlet at hawkerc.net

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
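
The backup steps from John's reply as a script (an added example, not from the original message or the Samba project): it stores the recorded Domain SID and hostname beside an archive of the two directories, then checks integrity and hostname before a restore. The function names, `SAMBA_DIRS` and the bundle layout are assumptions; the SID is supplied by the operator.

```shell
#!/usr/bin/env bash
# Added example. Function names, SAMBA_DIRS and the bundle layout are assumptions.
SAMBA_DIRS="${SAMBA_DIRS:-/etc/samba /var/lib/samba}"

# A domain SID has the form S-1-5-21-<n>-<n>-<n> (three decimal sub-authorities).
is_domain_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$'
}

# pdc_backup <domain-sid> <bundle-dir>
# Records the SID and hostname and archives the Samba directories.
pdc_backup() {
    sid="$1"; out="$2"
    is_domain_sid "$sid" || { echo "refusing: malformed SID '$sid'" >&2; return 1; }
    ( umask 077    # the archive includes secrets.tdb: keep the bundle owner-only
      mkdir -p "$out" &&
      printf '%s\n' "$sid" > "$out/domain.sid" &&
      uname -n > "$out/hostname" &&
      tar -cpf "$out/samba.tar" $SAMBA_DIRS &&
      cd "$out" && sha256sum domain.sid hostname samba.tar > MANIFEST.sha256 )
}

# pdc_restore_check <bundle-dir>
# Returns 1 if the bundle is damaged, 2 if this host is not named like the original.
pdc_restore_check() {
    b="$1"
    ( cd "$b" && sha256sum -c --quiet MANIFEST.sha256 ) ||
        { echo "bundle failed integrity check" >&2; return 1; }
    is_domain_sid "$(cat "$b/domain.sid")" ||
        { echo "stored SID is malformed" >&2; return 1; }
    [ "$(cat "$b/hostname")" = "$(uname -n)" ] ||
        { echo "hostname differs from the original PDC" >&2; return 2; }
    echo "OK: unpack samba.tar, then restore SID $(cat "$b/domain.sid")"
}
```
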