[Samba] Automated samba online backup.
Andrew Bartlett
abartlet at samba.org
Fri Mar 19 18:27:34 UTC 2021
I would strongly recommend against this 'solution'. Unless you lock
the Samba DB during the backup, you cannot know that the DB is in a
consistent state to take the backup.
The same concerns expressed for PostgreSQL apply to Samba:
https://www.postgresql.org/docs/9.1/backup-file.html
Andrew Bartlett
On Fri, 2021-03-19 at 13:17 -0500, Christopher Wensink via samba wrote:
> We accomplish what your asking without asking for an admin password,
> but
> it's not done through samba-tool. We have an external Synology NAS
> device with 72 TB of total storage, that remotely connects into the
> samba file share machine each night, and takes a file system backup.
> It
> additionally takes a full VM backup each night via a system snapshot.
>
> There is no direct connection for the samba machine to connect to
> the
> Synology, the Synology is reaching in and pulling out backups, this
> way
> if the samba file share machine is compromised it will not affect
> the
> backup machine. DSM w/ Active Backup for business has worked pretty
> well for us, and there are options to simply use rsync on a shell
> on
> the device if you want to do things that way too. We went with a 12
> bay
> Rackmount model, but there are consumer budget friendly devices
> available that have have the same functionality.
>
> Chris
>
> On 3/19/2021 1:10 PM, Andrew Bartlett via samba wrote:
> > On Thu, 2020-04-30 at 10:27 -0300, Daniel Lopes de Carvalho via
> > samba
> > wrote:
> > > Hi
> > >
> > > I'm looking for a way to automate samba online backup with cron
> > > and
> > > without
> > > asking admin password. I wish to have a daily backup from my AD.
> > >
> > > Is there a way to exec samba-tool domain backup without password
> > > or
> > > do I
> > > need to have a export a admin keytab or something like that.
> > >
> > > Thanks
> > (sorry for the late reply)
> >
> > In theory a keytab might work, and from there something that
> > refreshes
> > a credentials cache, but that is as sensitive as a password anyway.
> >
> > An offline backup is what you want in cron, and we are currently
> > tidying up some of the rough edges on that. If you see any issues
> > using the offline backup in your situation please file a bug. We
> > are
> > fixing the incompatibility with BIND9_DLZ.
> >
> > I hope this clarifies things,
> >
> > Andrew Bartlett
> >
>
> --
> Christopher Wensink
> IS Administrator
> Five Star Plastics, Inc
> 1339 Continental Drive
> Eau Claire, WI 54701
> Office: 715-831-1682
> Mobile: 715-563-3112
> Fax: 715-831-6075
> cwensink at five-star-plastics.com
> www.five-star-plastics.com
>
>
>
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
More information about the samba
mailing list