[Samba] backup of tdb files

Fri Sep 21 09:29:59 UTC 2018

Hi,

how would I go about dumping tdb files in a “neutral” format,
preferably JSON?

The goal is to have a domain member functional after restoring
from a backup without re-joining. Ideally, the backed up version
does not depend on the tdb because of concerns about the
stability of the format. A backup set must remain usable despite
a multi-major version Samba update happening in between.

By trial and error I determined that
/var/lib/samba/private/{netlogon_creds_cli,secrets}.tdb are the
only files from whose removal smbd can’t recover, so those are
the files I’m currently concerned with.

Another issue is that dumping those files with the tdb tools
yields opaque binary data, e. g.

        # tdbdump private/netlogon_creds_cli.tdb
        {
        key(43) = "CLI[UNDEF/UNDEF$]/SRV[FOO-SERVER-2008/FOO]\00"
        data(96) = "\FF\FF\0Fa\FB\E1\8C\03{\81\D3\8B\D9\D5\81\C4-\02\E8Cq\F9\A1[\F4\19\A7\22\D5\C4\A8~\B1\A6;\85;\F4\0C\CC\B6\86\99\8C\FF\9E\9A\17\02\00\00\00\06\00\00\00\00\00\00\00\06\00\00\00UNDEF\00\00\00\07\00\00\00\00\00\00\00\07\00\00\00UNDEF$\00\00\00\00\00\00"
        }

How stable are those values? Is there a way to destructure them
for the backup to reconstruct them during restore in case the
format changes?

What about portability? Are tdb contents platform independent? Is
a secrets.tdb created with 32 bit Samba usable on a 64 bit build
and vice versa?

Thanks,
Philipp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20180921/957327b3/signature.sig>