[Samba] Samba 4 DC backups
Brady, Mike
mike.brady at devnull.net.nz
Tue Sep 1 02:59:20 UTC 2015
I have a few Samba 4.2 DCs in production now and figured that I should do
something about backups.
I have read
https://wiki.samba.org/index.php/Backup_and_restore_an_Samba_AD_DC and
had a look through the samba_backup script and have a few questions.
Firstly, I am using the SerNet packages on CentOS 7.
I am assuming the following mappings from the script for my setup:
/usr/local/samba/etc is /etc/samba
/usr/local/samba/private is /var/lib/samba/private
/usr/local/samba/sysvol is /var/lib/samba/sysvol
Does this look correct?
The samba_backup script does a tdbbackup of ldb files. In my case that
would be the following:
[root@dc02 ~]# cd /var/lib/samba/
[root@dc02 samba]# find . -name "*.ldb"
./private/sam.ldb
./private/privilege.ldb
./private/share.ldb
./private/idmap.ldb
./private/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/dns/sam.ldb
./private/dns/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/dns/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/dns/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/dns/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/dns/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
./private/hklm.ldb
./private/secrets.ldb
The script then does a tar of the /usr/local/samba (/var/lib/samba in my
case) excluding the *.ldb files, but including the *.ldb.bak files,
which all makes sense.
But there are also the following tdb files in the /var/lib/samba
directory.
[root@dc02 ~]# cd /var/lib/samba/
[root@dc02 samba]# find . -name "*.tdb"
./share_info.tdb
./private/randseed.tdb
./private/sam.ldb.d/metadata.tdb
./private/dns/sam.ldb.d/metadata.tdb
./private/secrets.tdb
./private/smbd.tmp/msg/names.tdb
./private/netlogon_creds_cli.tdb
./private/schannel_store.tdb
./registry.tdb
./winbindd_cache.tdb
./account_policy.tdb
The script will include these in the backup without doing a tdbbackup
which I would not have thought was safe? Should these files be excluded
or have a tdbbackup done like the ldb files, or am I totally missing
something?
Regards
Mike
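
The snapshot-then-exclude procedure described in the message, extended to the *.tdb files it asks about, as an added example that is not part of the original message and is not the samba_backup script. The function name snapshot_and_archive and the overridable TDBBACKUP variable are hypothetical; it assumes tdbbackup is on PATH, GNU tar, and that every matched file is a valid TDB database.

```shell
#!/bin/sh
# Added example, not the samba_backup script from the wiki.
# TDBBACKUP is overridable (assumption: tdbbackup is on PATH otherwise).
TDBBACKUP="${TDBBACKUP:-tdbbackup}"

# snapshot_and_archive SRC_DIR DEST_TARBALL
# DEST_TARBALL must live outside SRC_DIR.
snapshot_and_archive() {
    src=$1 dest=$2
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 2; }
    list=$(mktemp) || return 2
    find "$src" -type f \( -name '*.ldb' -o -name '*.tdb' \) > "$list"

    failed=0
    while IFS= read -r db; do
        rm -f "$db.bak"                      # never archive a stale copy
        # tdbbackup writes a consistent copy next to the file as FILE.bak
        if ! "$TDBBACKUP" "$db" || [ ! -s "$db.bak" ]; then
            echo "snapshot failed: $db" >&2
            failed=1
        fi
    done < "$list"
    rm -f "$list"

    rc=1
    if [ "$failed" -eq 0 ]; then
        # The tree holds secrets.ldb / secrets.tdb: keep the archive 0600.
        # Live databases are excluded; their .bak snapshots are included.
        ( umask 077
          tar -czf "$dest" --exclude='*.ldb' --exclude='*.tdb' \
              -C "$(dirname "$src")" "$(basename "$src")" ) && rc=0
    fi
    # Remove the snapshots whether or not the archive was written.
    find "$src" -type f \( -name '*.ldb.bak' -o -name '*.tdb.bak' \) \
        -exec rm -f {} +
    return "$rc"
}

# Usage with the message's SerNet/CentOS layout (run as root):
#   snapshot_and_archive /var/lib/samba /root/backup/samba-$(date +%F).tar.gz
```

If any snapshot fails, the function writes no archive and returns non-zero, so a partial backup is never mistaken for a good one.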