[Samba] samba-tool domain backup offline fails
Stefan Kania
stefan at kania-online.de
Wed Apr 14 19:34:50 UTC 2021
Hi,
I don't know the script from Rowland, but there is an easy way to create
the TGT. The magic is k5start, the name of the Debian-package is kstart.
Yo can use it to create the ticket with a deamon. I use it together with
openldap to set up replication with kerberos. Read here for more infos:
https://www.eyrie.org/~eagle/software/kstart/
Am 07.04.21 um 11:08 schrieb Matthias Kühne | Ellerhold AG via samba:
> Hello,
>
> I *think* thats why you should add -N to the command, am I right?
>
> I'd be very interested to see your script Rowland.
>
> I've managed to get our online backup working via plain-text PW thats
> saved in a file only accessible as root on a DC. Not great but not bad
> either.
>
> This way I dont have to handle and kerberos re-negotiation, right? Ive
> looked at the code of adman for it and scared me to hell!
>
> Thanks and bye!
>
> Am 07.04.21 um 11:01 schrieb L.P.H. van Belle via samba:
>> Hai,
>>
>> it this also know, i you already have authenticated with kerberos, you need to re-enter the smb password.
>>
>> kinit Administrator
>> samba-tool domain backup online --server=dc1.$(hostname -d) \
>> --targetdir=/root/samba-backup -k yes
>>
>> That runs but ... Also has a small error. :-( ... this..
>> This comes later on..
>>
>> Backing up sysvol files (via SMB)...
>> Password for [Administrator at REALM_HERE]:
>>
>> since i authenticatied with kerberos already, i would not have expected an password question here. :-/
>>
>>
>>
>> Greetz,
>>
>> Louis
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny via
>>> samba
>>> Verzonden: woensdag 7 april 2021 10:53
>>> Aan: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] samba-tool domain backup offline fails
>>>
>>> On 07/04/2021 09:22, Stefan Bellon via samba wrote:
>>>> Hi all,
>>>>
>>>> I'm about to set up disaster recovery for the domain and followed
>>>> https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC
>>>> (as I am using Samba 4.13.5).
>>>>
>>>> First I went for the online backup (which works), but AFAICS it requires
>>>> administrator authentication and is thus not really suited for
>>>> automated backups via a cronjob.
>>>>
>>>> When I tried "samba-tool domain backup offline" however, this fails:
>>>
>>> You have hit a known bug, which has just been fixed, so it should be in
>>> the next releases of 4.13 and 4.14.
>>>
>>> You can use the online backup from cron, just create a script (If you
>>> cannot, talk nicely and I will give you a copy of mine) , basically it
>>> boils down to using kerberos and adding '-N' to the command.
>>>
>>> Rowland
>>>
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter
https://www.dgn.de/dgncert/index.html
More information about the samba
mailing list