[Samba] Samba 4 DC backups

Mark Foley mfoley at ohprs.org
Tue Sep 1 20:22:19 UTC 2015 

Mike, 

I thought I pretty much did the same thing as the backup script: backup ldb, do
tar.  Also, I am stopping Samba for good measure, but I don't think I need to. 
What makes you say I'm doing the "exact opposite" of what the samba script does?
Please explain, I want to be consistent with good practice. 

--Mark

-----Original Message-----
> Date: Tue, 01 Sep 2015 19:19:31 +1200
> From: "Brady, Mike" <mike.brady at devnull.net.nz>
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 DC backups
>
> Mark
>
> Ok so you doing the exact opposite of what the samba_backup script does 
> with regards to ldb and tdb files, but then you are shutting down Samba 
> to do a backup anyway so it doesn't really matter what you are doing in 
> this regard.
>
> I want a consistent backup while Samba is running.
>
> Regards
>
> Mike
>
> On 2015-09-01 16:08, Mark Foley wrote:
> > Here's what I do before tar'ring:
> > 
> > find / -mount -type d -path /etc/samba-JMF -prune -o -name \*.tdb
> > -exec tdbbackup {} \;
> > find / -mount -name \*.tdb.bak -exec ls -l {} \;   # (log .bak updates)
> > 
> > This gets all the tdb files on the root filesystem, excluding mounted 
> > drived
> > (-mount) and excluding tdb files I have in /etc/samba-JMF which is an 
> > old
> > installation folder that I should probably delete anyway. Still, the 
> > example
> > would show you what to do if you *don't* want to back up some tdb's.
> > 
> > The 2nd find just logs the date/time of the tdb.bak files to the 
> > tarfile job
> > log.
> > 
> > For good measure, I also stop samba during the tar backup, which only 
> > takes 18
> > minutes (differential) on my system. But, I understand this is not 
> > necessary
> > (though it might spare me from having to actually apply the tdb.bak 
> > files should
> > I need to restore?)
> > 
> > Also don't forget to backup ACLs and ATTRs unless your version of tar 
> > preserves
> > these. Mine does not:
> > 
> > getfattr -dR /redirectedFolders /var/lib/samba/sysvol 
> > /var/lib/samba/share
> > getfacl -R /redirectedFolders /var/lib/samba/sysvol 
> > /var/lib/samba/share
> > 
> > --Mark
> > 
> > -----Original Message-----
> >> Date: Tue, 01 Sep 2015 14:59:20 +1200
> >> From: "Brady, Mike" <mike.brady at devnull.net.nz>
> >> To: samba at lists.samba.org
> >> Subject: [Samba] Samba 4 DC backups
> >> 
> >> I have a few Samba 4.2 DC in production now and figured that I should 
> >> do
> >> something about backups.
> >> 
> >> I have read
> >> https://wiki.samba.org/index.php/Backup_and_restore_an_Samba_AD_DC and
> >> had a look through the samba_backup script and have a few questions.
> >> 
> >> Firstly I am using the Sernet packages on Centos7.
> >> 
> >> I am assuming the following mappings from the script for my set up
> >> /usr/local/samba/etc is /etc/samba
> >> /usr/local/samba/private is /var/lib/samba/private
> >> /usr/local/samba/sysvol is /var/lib/samba/sysvol
> >> 
> >> Does this look correct?
> >> 
> >> The samba_backup script does a tdbbackup of ldb files.  In my case 
> >> that
> >> would be the following:
> >> [root at dc02 ~]# cd /var/lib/samba/
> >> [root at dc02 samba]# find . -name "*.ldb"
> >> ./private/sam.ldb
> >> ./private/privilege.ldb
> >> ./private/share.ldb
> >> ./private/idmap.ldb
> >> ./private/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/dns/sam.ldb
> >> ./private/dns/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/dns/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/dns/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/dns/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/dns/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/hklm.ldb
> >> ./private/secrets.ldb
> >> 
> >> The script then does a tar of the /usr/local/samba (/var/lib/samba in 
> >> my
> >> case) excluding the *.ldb files, but including the *.ldb.bak files,
> >> which all makes sense.
> >> 
> >> But there are also the following tdb files in the /var/lib/samba
> >> directory.
> >> [root at dc02 ~]# cd /var/lib/samba/
> >> [root at dc02 samba]# find . -name "*.tdb"
> >> ./share_info.tdb
> >> ./private/randseed.tdb
> >> ./private/sam.ldb.d/metadata.tdb
> >> ./private/dns/sam.ldb.d/metadata.tdb
> >> ./private/secrets.tdb
> >> ./private/smbd.tmp/msg/names.tdb
> >> ./private/netlogon_creds_cli.tdb
> >> ./private/schannel_store.tdb
> >> ./registry.tdb
> >> ./winbindd_cache.tdb
> >> ./account_policy.tdb
> >> 
> >> The script will include these in the backup without doing a tdbback
> >> which I would not have thought was safe?  Should these files be 
> >> excluded
> >> or have a tdbbackup done like the ldb files, or am I totally missing
> >> something?
> >> 
> >> Regards
> >> 
> >> Mike
> >> 
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >> 
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list