[Samba] AD Backup in cron
Rowland Penny
rpenny at samba.org
Thu Dec 8 09:52:37 UTC 2022
On 07/12/2022 07:43, Stefan G. Weichinger via samba wrote:
>
> I use Louis' scripts from https://github.com/thctlo/samba4 to backup my
> DCs per cronjob.
>
> Can't remember when but I remember someone (Louis himself?) to notice
> that his backup script wasn't good enough anymore or something.
>
> The Samba Wiki brings this:
>
> https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC
>
> So what is the recommended way to automate this?
>
> Run the command for the online-backup from a script, with the password
> in the script?
>
> What is best practice here? Thanks in advance, Stefan
>
The best practise was to use kerberos, but all the recent changes seem
to have stopped this working. It now requires the 'cifs/FQDN' SPN to
backup Sysvol, so it appears that you can no longer use a users ticket.
Using a user that is a member of Domain Admins (and their password) does
work, but that means the password is sent over the wire.
Rowland
More information about the samba
mailing list