[Samba] Samba 4 DC backups
Mark Foley
mfoley at ohprs.org
Tue Sep 1 20:22:19 UTC 2015
Mike,
I thought I pretty much did the same thing as the backup script: backup ldb, do
tar. Also, I am stopping Samba for good measure, but I don't think I need to.
What makes you say I'm doing the "exact opposite" of what the samba script does?
Please explain, I want to be consistent with good practice.
--Mark
-----Original Message-----
> Date: Tue, 01 Sep 2015 19:19:31 +1200
> From: "Brady, Mike" <mike.brady at devnull.net.nz>
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 DC backups
>
> Mark
>
> Ok so you doing the exact opposite of what the samba_backup script does
> with regards to ldb and tdb files, but then you are shutting down Samba
> to do a backup anyway so it doesn't really matter what you are doing in
> this regard.
>
> I want a consistent backup while Samba is running.
>
> Regards
>
> Mike
>
> On 2015-09-01 16:08, Mark Foley wrote:
> > Here's what I do before tar'ring:
> >
> > find / -mount -type d -path /etc/samba-JMF -prune -o -name \*.tdb
> > -exec tdbbackup {} \;
> > find / -mount -name \*.tdb.bak -exec ls -l {} \; # (log .bak updates)
> >
> > This gets all the tdb files on the root filesystem, excluding mounted
> > drived
> > (-mount) and excluding tdb files I have in /etc/samba-JMF which is an
> > old
> > installation folder that I should probably delete anyway. Still, the
> > example
> > would show you what to do if you *don't* want to back up some tdb's.
> >
> > The 2nd find just logs the date/time of the tdb.bak files to the
> > tarfile job
> > log.
> >
> > For good measure, I also stop samba during the tar backup, which only
> > takes 18
> > minutes (differential) on my system. But, I understand this is not
> > necessary
> > (though it might spare me from having to actually apply the tdb.bak
> > files should
> > I need to restore?)
> >
> > Also don't forget to backup ACLs and ATTRs unless your version of tar
> > preserves
> > these. Mine does not:
> >
> > getfattr -dR /redirectedFolders /var/lib/samba/sysvol
> > /var/lib/samba/share
> > getfacl -R /redirectedFolders /var/lib/samba/sysvol
> > /var/lib/samba/share
> >
> > --Mark
> >
> > -----Original Message-----
> >> Date: Tue, 01 Sep 2015 14:59:20 +1200
> >> From: "Brady, Mike" <mike.brady at devnull.net.nz>
> >> To: samba at lists.samba.org
> >> Subject: [Samba] Samba 4 DC backups
> >>
> >> I have a few Samba 4.2 DC in production now and figured that I should
> >> do
> >> something about backups.
> >>
> >> I have read
> >> https://wiki.samba.org/index.php/Backup_and_restore_an_Samba_AD_DC and
> >> had a look through the samba_backup script and have a few questions.
> >>
> >> Firstly I am using the Sernet packages on Centos7.
> >>
> >> I am assuming the following mappings from the script for my set up
> >> /usr/local/samba/etc is /etc/samba
> >> /usr/local/samba/private is /var/lib/samba/private
> >> /usr/local/samba/sysvol is /var/lib/samba/sysvol
> >>
> >> Does this look correct?
> >>
> >> The samba_backup script does a tdbbackup of ldb files. In my case
> >> that
> >> would be the following:
> >> [root at dc02 ~]# cd /var/lib/samba/
> >> [root at dc02 samba]# find . -name "*.ldb"
> >> ./private/sam.ldb
> >> ./private/privilege.ldb
> >> ./private/share.ldb
> >> ./private/idmap.ldb
> >> ./private/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/dns/sam.ldb
> >> ./private/dns/sam.ldb.d/DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/dns/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/dns/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/dns/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/dns/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=CO,DC=NZ.ldb
> >> ./private/hklm.ldb
> >> ./private/secrets.ldb
> >>
> >> The script then does a tar of the /usr/local/samba (/var/lib/samba in
> >> my
> >> case) excluding the *.ldb files, but including the *.ldb.bak files,
> >> which all makes sense.
> >>
> >> But there are also the following tdb files in the /var/lib/samba
> >> directory.
> >> [root at dc02 ~]# cd /var/lib/samba/
> >> [root at dc02 samba]# find . -name "*.tdb"
> >> ./share_info.tdb
> >> ./private/randseed.tdb
> >> ./private/sam.ldb.d/metadata.tdb
> >> ./private/dns/sam.ldb.d/metadata.tdb
> >> ./private/secrets.tdb
> >> ./private/smbd.tmp/msg/names.tdb
> >> ./private/netlogon_creds_cli.tdb
> >> ./private/schannel_store.tdb
> >> ./registry.tdb
> >> ./winbindd_cache.tdb
> >> ./account_policy.tdb
> >>
> >> The script will include these in the backup without doing a tdbback
> >> which I would not have thought was safe? Should these files be
> >> excluded
> >> or have a tdbbackup done like the ldb files, or am I totally missing
> >> something?
> >>
> >> Regards
> >>
> >> Mike
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list