[Samba] samba-tool domain backup offline fails

Thu Apr 15 13:37:34 UTC 2021

Hi,

@L.P.H. van Belle <belle at bazuin.nl>
Does version 4.14 of your repository already have this patch?

On Wed, Apr 14, 2021 at 4:36 PM Stefan Kania via samba <
samba at lists.samba.org> wrote:

> Hi,
>
> I don't know the script from Rowland, but there is an easy way to create
> the TGT. The magic is k5start, the name of the Debian-package is kstart.
> Yo can use it to create the ticket with a deamon. I use it together with
> openldap to set up replication with kerberos. Read here for more infos:
> https://www.eyrie.org/~eagle/software/kstart/
>
>
>
> Am 07.04.21 um 11:08 schrieb Matthias Kühne | Ellerhold AG via samba:
> > Hello,
> >
> > I *think* thats why you should add -N to the command, am I right?
> >
> > I'd be very interested to see your script Rowland.
> >
> > I've managed to get our online backup working via plain-text PW thats
> > saved in a file only accessible as root on a DC. Not great but not bad
> > either.
> >
> > This way I dont have to handle and kerberos re-negotiation, right? Ive
> > looked at the code of adman for it and scared me to hell!
> >
> > Thanks and bye!
> >
> > Am 07.04.21 um 11:01 schrieb L.P.H. van Belle via samba:
> >> Hai,
> >>
> >> it this also know, i you already have authenticated with kerberos, you
> need to re-enter the smb password.
> >>
> >> kinit Administrator
> >> samba-tool domain backup online --server=dc1.$(hostname -d) \
> >>   --targetdir=/root/samba-backup -k yes
> >>
> >> That runs but ... Also has a small error. :-(  ... this..
> >> This comes later on..
> >>
> >> Backing up sysvol files (via SMB)...
> >> Password for [Administrator at REALM_HERE]:
> >>
> >> since i authenticatied with kerberos already, i would not have expected
> an password question here. :-/
> >>
> >>
> >>
> >> Greetz,
> >>
> >> Louis
> >>
> >>> -----Oorspronkelijk bericht-----
> >>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland
> penny via
> >>> samba
> >>> Verzonden: woensdag 7 april 2021 10:53
> >>> Aan: samba at lists.samba.org
> >>> Onderwerp: Re: [Samba] samba-tool domain backup offline fails
> >>>
> >>> On 07/04/2021 09:22, Stefan Bellon via samba wrote:
> >>>> Hi all,
> >>>>
> >>>> I'm about to set up disaster recovery for the domain and followed
> >>>> https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC
> >>>> (as I am using Samba 4.13.5).
> >>>>
> >>>> First I went for the online backup (which works), but AFAICS it
> requires
> >>>> administrator authentication and is thus not really suited for
> >>>> automated backups via a cronjob.
> >>>>
> >>>> When I tried "samba-tool domain backup offline" however, this fails:
> >>>
> >>> You have hit a known bug, which has just been fixed, so it should be in
> >>> the next releases of 4.13 and 4.14.
> >>>
> >>> You can use the online backup from cron, just create a script (If you
> >>> cannot, talk nicely and I will give you a copy of mine) , basically it
> >>> boils down to using kerberos and adding '-N' to the command.
> >>>
> >>> Rowland
> >>>
> >>>
> >>>
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >>
>
> --
> Stefan Kania
> Landweg 13
> 25693 St. Michaelisdonn
>
>
> Signieren jeder E-Mail hilft Spam zu reduzieren und schützt Ihre
> Privatsphäre. Ein kostenfreies Zertifikat erhalten Sie unter
> https://www.dgn.de/dgncert/index.html
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 
Elias Pereira