[Samba] Samba 4 DC backups

L.P.H. van Belle belle at bazuin.nl
Tue Sep 1 06:48:44 UTC 2015


and most important... 

If you have 2 DC's ... 
! NEVER USE THE BACKUP SCRIPT TO RESTORE ONE OF THE DC's  ! 

This will corrupt your AD databases.. 
Just remove the old DC from the domain and add a new one if needed . 

.. Rowland. 
This is also a nice to have in your backup script. 
Auto detect multiple DC's, we have that already in other scripts. 
In case of multiple DC's, backup yes, restore no, display warning.. etc. 
something like that..  

You can add it to the backup script "wishlist"  ;-) 

Greetz, 

Louis


>-----Original message-----
>From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Brady, Mike
>Sent: Tuesday 1 September 2015 04:59
>To: samba at lists.samba.org
>Subject: [Samba] Samba 4 DC backups
>
>I have a few Samba 4.2 DCs in production now and figured that I should do
>something about backups.
>
>I have read 
>https://wiki.samba.org/index.php/Backup_and_restore_an_Samba_AD_DC and 
>had a look through the samba_backup script and have a few questions.
>
>Firstly I am using the Sernet packages on Centos7.
>
>I am assuming the following mappings from the script for my set up
>/usr/local/samba/etc is /etc/samba
>/usr/local/samba/private is /var/lib/samba/private
>/usr/local/samba/sysvol is /var/lib/samba/sysvol
>
>Does this look correct?
>
>The samba_backup script does a tdbbackup of ldb files.  In my case that
>would be the following:
>[root at dc02 ~]# cd /var/lib/samba/
>[root at dc02 samba]# find . -name "*.ldb"
>./private/sam.ldb
>./private/privilege.ldb
>./private/share.ldb
>./private/idmap.ldb
>./private/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>./private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>./private/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>./private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>./private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>./private/dns/sam.ldb
>./private/dns/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>./private/dns/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>./private/dns/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>./private/dns/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>./private/dns/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>./private/hklm.ldb
>./private/secrets.ldb
>
>The script then does a tar of the /usr/local/samba (/var/lib/samba in my
>case) excluding the *.ldb files, but including the *.ldb.bak files,
>which all makes sense.
>
>But there are also the following tdb files in the /var/lib/samba 
>directory.
>[root at dc02 ~]# cd /var/lib/samba/
>[root at dc02 samba]# find . -name "*.tdb"
>./share_info.tdb
>./private/randseed.tdb
>./private/sam.ldb.d/metadata.tdb
>./private/dns/sam.ldb.d/metadata.tdb
>./private/secrets.tdb
>./private/smbd.tmp/msg/names.tdb
>./private/netlogon_creds_cli.tdb
>./private/schannel_store.tdb
>./registry.tdb
>./winbindd_cache.tdb
>./account_policy.tdb
>
>The script will include these in the backup without doing a tdbbackup
>which I would not have thought was safe?  Should these files be excluded
>or have a tdbbackup done like the ldb files, or am I totally missing
>something?
>
>Regards
>
>Mike
>
>
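
The "backup yes, restore no, display warning" guard from the wishlist in the reply above, as an added example that is not part of the thread or of samba_backup. It assumes DCs are counted from the AD SRV record `_ldap._tcp.dc._msdcs.<dns-domain>` as printed by `host -t SRV`; the function names, the sample output and the host name dc01 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of samba_backup): refuse a restore when the
# domain has more than one DC. Function names are hypothetical.
# Assumption: DCs are counted from `host -t SRV _ldap._tcp.dc._msdcs.<domain>`.

# Constructed sample lookup output (dc01 is made up, dc02 is from the thread).
SAMPLE_TWO_DCS='_ldap._tcp.dc._msdcs.samba.company.co.nz has SRV record 0 100 389 dc01.samba.company.co.nz.
_ldap._tcp.dc._msdcs.samba.company.co.nz has SRV record 0 100 389 DC02.samba.company.co.nz.
_ldap._tcp.dc._msdcs.samba.company.co.nz has SRV record 0 100 389 dc02.samba.company.co.nz.'
SAMPLE_ONE_DC='_ldap._tcp.dc._msdcs.samba.company.co.nz has SRV record 0 100 389 dc02.samba.company.co.nz.'

# Print the number of distinct DC host names in SRV output read from stdin.
# Host names are lower-cased so DC02 and dc02 count as one DC.
count_dcs() {
    awk '/has SRV record/ { print tolower($NF) }' | sort -u | wc -l | tr -d ' '
}

# check_action <backup|restore> <srv-output>
# Returns 0 = go ahead, 1 = refused (multiple DCs), 2 = DC count unknown.
check_action() {
    action=$1
    n=$(printf '%s\n' "$2" | count_dcs)
    if [ "$action" = backup ]; then
        return 0                      # backing up is always allowed
    fi
    if [ "$n" -gt 1 ]; then
        echo "WARNING: $n DCs found, restore refused." >&2
        echo "Remove the old DC from the domain and join a new one." >&2
        return 1
    elif [ "$n" -eq 0 ]; then
        # Fail closed: an empty lookup does not prove there is only one DC.
        echo "Cannot determine the DC count, not restoring." >&2
        return 2
    fi
    return 0
}

# Demo on the constructed sample; live use would pass
#   "$(host -t SRV _ldap._tcp.dc._msdcs.samba.company.co.nz)"
check_action restore "$SAMPLE_TWO_DCS" || echo "restore blocked (rc=$?)"
```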



