[Samba] Backup of virtualized Samba4 AD

Marc Muehlfeld samba at marc-muehlfeld.de
Sun Nov 24 10:35:44 MST 2013

Hello Ulrich,

On 19.11.2013 12:17, Ulrich Schinz wrote:
> current situation: we have a Samba4 AD running on a VMware ESX-Cluster
> (ha/failover, ha-nfs-stores).
> I'm doing backups with ghetto VCB. Until now I only did
> "Snapshot-backups". But I know that this way of backups is not the best
> way for domain controllers.
> I'm now planning to do backups by shutting down the VM, then doing
> backup and then starting machine again.
> Maybe someone can give me some hints, which backup software to use or
> what to consider in this topic.
> Some time ago I had an error, that a client couldn't connect to AD
> ("Could not determin trust relation"... something like that was the
> error message).
> I'd like to avoid inconsistencies. Example:
> - SAMBA4 shut down
> - SAMBA4 backup
> - SAMBA4 start
> - Server, which is connected to domain as a client, shut down
> - Server backup
> - Server start
> In this scenario it could be the case that the client is doing
> something with the domain controller (where I wrote HERE SOMETHING
> CAN:......).
> Do you think restoring the Backup of SAMBA4 and the Server could be a
> Problem, or should this be no problem at all?
> I'm aware that I have to be careful in a multiple AD-Server situation.
> But I'm unsure if there would be inconsistency problems in an AD-Clients
> situation....

I think there is no difference if you back up a Samba VM or a real host.

For a single DC environment, have a look here:
That's all you need.

In a multiple DC environment, like you have, you can use the above Wiki 
page to create backups of them, too. But whenever at least one DC is up 
and the domain is fine, then never restore databases on a broken DC and 
connect it to your network again! You will break your whole domain! It is 
the same when you restore a VM snapshot! Demote the machine, set up a 
fresh Samba DC installation and join it to the domain again as DC. The 
directory replication will bring everything back in sync.

If all DCs are broken (total disaster case, we will hopefully never 
have), then restore the backups you've made according to the backup 
HowTo to _one_ machine, start up Samba AD, demote all other DCs, set up all 
other DCs fresh and join them as DC again. If you have all FSMO roles on 
one machine, then I would suggest to restore on this one. If not, then 
maybe someone else can give some more points, what would be the best 
machine to restore and allocate them again.
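
An added example, not part of the original message and not Samba project code: a pre-restore guard for the rule described above, which only lets a database or snapshot restore run when no other DC of the domain still answers. The host names, the LDAP port probe and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-restore guard (illustrative). A restore of a DC backup or VM snapshot
# is only allowed when no other DC of the domain is still alive.

# Default probe: does the host answer on LDAP (389/tcp)? Assumption: any
# live DC is reachable on that port from the host running this script.
probe_ldap() {
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/389" 2>/dev/null
}
# PROBE names the function used to test one DC; replace it to use another check.
PROBE=${PROBE:-probe_ldap}

# Print the DCs (given as arguments) that still answer, one per line.
live_dcs() {
    for dc in "$@"; do
        "$PROBE" "$dc" && printf '%s\n' "$dc"
    done
    return 0
}

# Print the recovery path for a broken DC, given the OTHER DCs of the domain:
#   rejoin  - at least one DC is up: demote the broken one, install fresh, join again
#   restore - no DC answers: restore the backup to one machine
recovery_path() {
    if [ -n "$(live_dcs "$@")" ]; then
        echo rejoin
    else
        echo restore
    fi
}

# Run the restore command ($1) only if none of the other DCs ($2...) is up.
guarded_restore() {
    restore_cmd=$1
    shift
    if [ "$(recovery_path "$@")" = rejoin ]; then
        echo "refusing restore: another DC is up; demote and rejoin instead" >&2
        return 1
    fi
    "$restore_cmd"
}

# Example call (constructed host names, hypothetical restore function):
#   guarded_restore my_restore_function dc2.samdom.example dc3.samdom.example
```

A DC that does not answer the probe from this host may still be running behind a firewall or network fault, so a "restore" result should be confirmed on the other machines before any backup is put back.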

