[Samba] domain backup online

Tim Beale timbeale at catalyst.net.nz
Thu Jul 18 02:49:33 UTC 2019 

Hi,

Just to reiterate an important point, the 'domain backup' command is
there to backup your domain information, not your DC.

If you still have a working domain, then you can recover any DC by
simply rejoining it to the domain. Do not use backup/restore to recover
an individual DC.

If you want to recover your entire domain (i.e. power off all your DCs
and start again from scratch), then that's when you restore from a
backup file.

So yes, it's still a good idea to do backups regardless of how many DCs
you have running.

However, in this case, the backup file from only one of the DCs would
ever be used to restore the domain. It's still fine to backup every DC,
but the only real point of doing so is extra insurance in case the first
backup file doesn't recover the domain properly.

See also:
https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC

Cheers,
Tim

On 18/07/19 12:32 AM, Joachim Lindenberg via samba wrote:
> Afaik one is not supposed to ever restore a DC in case you are running multiple. Thus I am wondering why you want to do (online or not) backups at all.
> Or did that rule change?
> Regards, Joachim
>
> -----Ursprüngliche Nachricht-----
> Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Ivan Jurišic via samba
> Gesendet: Wednesday, 17 July 2019 13:39
> An: samba at lists.samba.org
> Betreff: [Samba] domain backup online
>
> On my primary Samba AD DC server all work ok when doing online backup, but on my secudary server I have error:
>
> ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index out of range
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
> line 237, in run
>     new_sid = get_sid_for_restore(remote_sam)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
> line 73, in get_sid_for_restore
>     rid = int(res[0].get('rIDNextRID')[0])
>
>
> How to fix?
>
> Complete output:
>
> root at dc2:/var/log# samba-tool domain backup online --server=dc2.intra.mydomain.com --targetdir=/media/backup -Uadministrator at intra.mydomain.com
> workgroup is MYDOMAIN
> realm is intra.mydomain.com
> Calling bare provision
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
>
> A Kerberos configuration suitable for Samba AD has been generated at /media/backup/tmphyBvX0/private/krb5.conf
> Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
> Provision OK for domain DN DC=intra,DC=mydomain,DC=com Starting replication Using DS_BIND_GUID_W2K3 Schema-DN[CN=Schema,CN=Configuration,DC=intra,DC=mydomain,DC=com]
> objects[402/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=intra,DC=mydomain,DC=com]
> objects[804/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=intra,DC=mydomain,DC=com]
> objects[1206/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=intra,DC=mydomain,DC=com]
> objects[1550/1550] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=intra,DC=mydomain,DC=com]
> objects[402/1618] linked_values[0/0]
> Partition[CN=Configuration,DC=intra,DC=mydomain,DC=com]
> objects[804/1618] linked_values[0/0]
> Partition[CN=Configuration,DC=intra,DC=mydomain,DC=com]
> objects[1206/1618] linked_values[0/0]
> Partition[CN=Configuration,DC=intra,DC=mydomain,DC=com]
> objects[1608/1618] linked_values[0/0]
> Partition[CN=Configuration,DC=intra,DC=mydomain,DC=com]
> objects[1618/1618] linked_values[30/30]
> Replicating critical objects from the base DN of the domain Partition[DC=intra,DC=mydomain,DC=com] objects[98/98] linked_values[24/24] Partition[DC=intra,DC=mydomain,DC=com] objects[385/287] linked_values[28/28] Done with always replicated NC (base, config, schema) Replicating DC=DomainDnsZones,DC=intra,DC=mydomain,DC=com
> Partition[DC=DomainDnsZones,DC=intra,DC=mydomain,DC=com] objects[42/42] linked_values[0/0] Replicating DC=ForestDnsZones,DC=intra,DC=mydomain,DC=com
> Partition[DC=ForestDnsZones,DC=intra,DC=mydomain,DC=com] objects[19/19] linked_values[0/0] Committing SAM database Setting isSynccomonized and dsServiceName Cloned domain MYDOMAIN (SID S-1-5-21-1643297388-1269305111-252802184)
> ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index out of range
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
> line 237, in run
>     new_sid = get_sid_for_restore(remote_sam)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
> line 73, in get_sid_for_restore
>     rid = int(res[0].get('rIDNextRID')[0])
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list