[Samba] Proper use of tdbbackup

Christian Perrier bubulle at debian.org
Wed Apr 1 05:02:18 GMT 2009

Quoting Fabio Muzzi (liste at kurgan.org):
> I have googled a lot, but I have found no examples of the correct use of
> the tdbbackup program. 
> I am looking for some advice on how to use tdbbackup. I mean, I know I
> can simply run "tdbbackup *.tdb", but I was looking for in-depth
> information on when and how to use it, about best practices on using it,
> or what NOT to do.
> The Samba documentations says I should run it in my start/stop scripts,
> but it seems that no distribution actually does this. Why? Is there some

To be honest, Debian has a suggestion to do it. Not in start/stop
scripts but more in regular maintenance tasks:


...which we tagged "wontfix" on the rationale that setting such backup
tasks should be up to the local administrator..just like any other
backup policy.

> I was thinking of running it every day as a chron job (not restarting
> Samba) and saving some backlog (some days worth of old backups). Is it
> useful? Since domain member machines change their domain password (am I
> correct?) automatically, if I restore an old backup can this lead to
> machines being unable to talk to the (samba) domain controller?

In the bug report mentioned above, it was observed that several TDB
files do actually deserve to be preserved. Noticeably, these are those
we put in /var/lib/samba on Debian systems:

bubulle at mykerinos:~> ls -l /var/lib/samba/
total 228
-rw-------  1 root root        8192 mai 17  2007 account_policy.tdb
-rw-------  1 root root       86016 oct  6  2007 group_mapping.ldb
-rw-------  1 root root        8192 mai 17  2007 group_mapping.tdb.upgraded
-rw-------  1 root root        8192 mai 17  2007 ntdrivers.tdb
-rw-------  1 root root         696 mai 17  2007 ntforms.tdb
-rw-------  1 root root        8192 mai 17  2007 ntprinters.tdb
-rw-------  1 root root       16384 mai 17  2007 passdb.tdb
drwxr-xr-x  2 root root           6 avr 24  2007 perfmon
drwxr-xr-x 10 root root         106 mai  9  2008 printers
-rw-------  1 root root       65536 mar 31 19:20 registry.tdb
-rw-------  1 root root        8192 mai 17  2007 share_info.tdb
drwxrwx--T  2 root sambashare     6 nov 17  2007 usershares
-rw-r--r--  1 root root        4096 mai 31  2007 winbindd_idmap.tdb
-rw-r--r--  1 root root         247 déc  8 06:34 wins.dat

This is on my laptop system where many Samba features such as printing
are not used.....and which may have some cruft left by old broken packages.

(secrets.tdb lives in /etc/samba on Debian systems)

More information about the samba mailing list