[Samba] safe to replace just one ldb file?

Achim Gottinger achim at ag-web.biz
Tue Sep 2 10:21:18 MDT 2014

Am 02.09.2014 18:03, schrieb mourik jan heupink - merit:
> Hi all,
> Ok, I took a deep breath and I
> - shutdown samba DC on the specific host *only*
> - took a good backup of the /var/lib/samba dir
> - tdbbackupped all tdb & ldb files in
>  /var/lib/samba/private/sam.ldb.d, namely:
>     CN=SCHEMA...
>     DC=SAMBA...
>     metadata.tdb
>     sam.ldb
> Then swapped all 7 files, using lines like:
>  mv sam.ldb sam.ldb.deleted
>  cp sam.ldb.backup sam.ldb
> and
> Then I started samba again, while looking at /var/log/samba/log.samba, 
> and noticed a few replications, and no errors at all.
> Then checked samba-tool drs showrepl on *all* DC's, no errors, and 
> latest replication was a few minutes ago. (after the ldb/tdb swap)
> ADUC showed all DC's as online, and then as final confirmation: 
> samba-tool ldapcmp between our three DC's, and no differences 
> reported. Directory size for /var/lib/samba/private/sam.ldb.d went 
> down from 1.2GB to approx 53 MB.
> So all in all things still look healthy, and I guess tdbbackup can 
> actually dump ldb and tdb files. :-)
> Drink some water before doing this excersise, as you may sweat a bit 
> (scary stuff...) but in the end you gain a lot of diskspace.
> MJ
Thinking about it it is indeed not necessarry to shutdown all dc's. 
Thanks for reporting back.
I noticed the DnsThombstone fix introduced with 4.1.11 brings huge 
savings. The amount of deleted objects dimishes at an rate of 1000 
entries each day at an domain here. had around 20000 elements when i did 
the update ~10 ago at the moment it are  ~10000. With an tombstone 
lifetime of 30 days i'll wait another 20 days before i replace the ldb's 


More information about the samba mailing list