[Samba] Backing up tdb files

Philipp Gesang philipp.gesang at intra2net.com
Fri Dec 6 09:15:52 UTC 2019

Hi Nick!

-<| Quoting Nick Howitt via samba <nick at howitts.co.uk>, on Thursday, 2019-12-05 05:04:04 PM |>-
> I am trying to determine which tdb files must be backed up in order to
> perform a proper system restore. I am running Centos's
> samba-4.9.1-6.el7.x86_64 as a PDC. There is a basic backup routine which
> backs up all files under /var/lib/samba but this appears to be wasteful,
> especially as gencache.tdb keeps growing until I delete.
> I can find a Samba3 reference at
> https://wiki.samba.org/index.php/TDB_Locations but it does not cover all
> Samba4 files such as smbprofile.tdb. I can see gencache.tdb is not needed -
> I have to delete it regularly as it keeps growing.
> There was a thread in the mailing lists
> https://lists.samba.org/archive/samba/2018-September/218367.html and this
> seems to suggest you need nothing except
> /var/lib/samba/private/{netlogon_creds_cli,secrets}.tdb or, perhaps, just
> /var/lib/samba/private/secrets.tdb. Is that correct? Is anything needed from
> /var/lib/samba/lock/.

Fwiw we have been using the JSON export in production for a while
now to store backups of the domain member info. It is really
handy not just in backups but also for debugging and testing
because the plaintext-ish input format allows manipulating values
like SIDs, principals and passwords, and diffing the results.

I’ve been meaning to make the effort to get it upstreamed but
other tasks got in the way. In any case, you can still find the
latest revision on Gitlab:

    CI: https://gitlab.com/samba-team/devel/samba/pipelines/82886036

The patches should apply cleanly on top of 4.11 cause that’s what
we rolled out to customers around two weeks ago.

The export only covers the domain info of a member server though
so ymmv.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20191206/ddf28413/signature.sig>

More information about the samba mailing list