[Samba] Samba 4 DC backups

Brady, Mike mike.brady at devnull.net.nz
Tue Sep 1 07:19:31 UTC 2015 

Mark

Ok so you doing the exact opposite of what the samba_backup script does 
with regards to ldb and tdb files, but then you are shutting down Samba 
to do a backup anyway so it doesn't really matter what you are doing in 
this regard.

I want a consistent backup while Samba is running.

Regards

Mike

On 2015-09-01 16:08, Mark Foley wrote:
> Here's what I do before tar'ring:
> 
> find / -mount -type d -path /etc/samba-JMF -prune -o -name \*.tdb
> -exec tdbbackup {} \;
> find / -mount -name \*.tdb.bak -exec ls -l {} \;   # (log .bak updates)
> 
> This gets all the tdb files on the root filesystem, excluding mounted 
> drived
> (-mount) and excluding tdb files I have in /etc/samba-JMF which is an 
> old
> installation folder that I should probably delete anyway. Still, the 
> example
> would show you what to do if you *don't* want to back up some tdb's.
> 
> The 2nd find just logs the date/time of the tdb.bak files to the 
> tarfile job
> log.
> 
> For good measure, I also stop samba during the tar backup, which only 
> takes 18
> minutes (differential) on my system. But, I understand this is not 
> necessary
> (though it might spare me from having to actually apply the tdb.bak 
> files should
> I need to restore?)
> 
> Also don't forget to backup ACLs and ATTRs unless your version of tar 
> preserves
> these. Mine does not:
> 
> getfattr -dR /redirectedFolders /var/lib/samba/sysvol 
> /var/lib/samba/share
> getfacl -R /redirectedFolders /var/lib/samba/sysvol 
> /var/lib/samba/share
> 
> --Mark
> 
> -----Original Message-----
>> Date: Tue, 01 Sep 2015 14:59:20 +1200
>> From: "Brady, Mike" <mike.brady at devnull.net.nz>
>> To: samba at lists.samba.org
>> Subject: [Samba] Samba 4 DC backups
>> 
>> I have a few Samba 4.2 DC in production now and figured that I should 
>> do
>> something about backups.
>> 
>> I have read
>> https://wiki.samba.org/index.php/Backup_and_restore_an_Samba_AD_DC and
>> had a look through the samba_backup script and have a few questions.
>> 
>> Firstly I am using the Sernet packages on Centos7.
>> 
>> I am assuming the following mappings from the script for my set up
>> /usr/local/samba/etc is /etc/samba
>> /usr/local/samba/private is /var/lib/samba/private
>> /usr/local/samba/sysvol is /var/lib/samba/sysvol
>> 
>> Does this look correct?
>> 
>> The samba_backup script does a tdbbackup of ldb files.  In my case 
>> that
>> would be the following:
>> [root at dc02 ~]# cd /var/lib/samba/
>> [root at dc02 samba]# find . -name "*.ldb"
>> ./private/sam.ldb
>> ./private/privilege.ldb
>> ./private/share.ldb
>> ./private/idmap.ldb
>> ./private/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>> ./private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>> ./private/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>> ./private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>> ./private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>> ./private/dns/sam.ldb
>> ./private/dns/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>> ./private/dns/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>> ./private/dns/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>> ./private/dns/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>> ./private/dns/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
>> ./private/hklm.ldb
>> ./private/secrets.ldb
>> 
>> The script then does a tar of the /usr/local/samba (/var/lib/samba in 
>> my
>> case) excluding the *.ldb files, but including the *.ldb.bak files,
>> which all makes sense.
>> 
>> But there are also the following tdb files in the /var/lib/samba
>> directory.
>> [root at dc02 ~]# cd /var/lib/samba/
>> [root at dc02 samba]# find . -name "*.tdb"
>> ./share_info.tdb
>> ./private/randseed.tdb
>> ./private/sam.ldb.d/metadata.tdb
>> ./private/dns/sam.ldb.d/metadata.tdb
>> ./private/secrets.tdb
>> ./private/smbd.tmp/msg/names.tdb
>> ./private/netlogon_creds_cli.tdb
>> ./private/schannel_store.tdb
>> ./registry.tdb
>> ./winbindd_cache.tdb
>> ./account_policy.tdb
>> 
>> The script will include these in the backup without doing a tdbback
>> which I would not have thought was safe?  Should these files be 
>> excluded
>> or have a tdbbackup done like the ldb files, or am I totally missing
>> something?
>> 
>> Regards
>> 
>> Mike
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>

More information about the samba mailing list