[Samba] AD Backup in cron

Rowland Penny rpenny at samba.org
Thu Dec 8 09:52:37 UTC 2022

On 07/12/2022 07:43, Stefan G. Weichinger via samba wrote:
> I use Louis' scripts from https://github.com/thctlo/samba4 to backup my 
> DCs per cronjob.
> Can't remember when but I remember someone (Louis himself?) to notice 
> that his backup script wasn't good enough anymore or something.
> The Samba Wiki brings this:
> https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC
> So what is the recommended way to automate this?
> Run the command for the online-backup from a script, with the password 
> in the script?
> What is best practice here? Thanks in advance, Stefan

The best practise was to use kerberos, but all the recent changes seem 
to have stopped this working. It now requires the 'cifs/FQDN' SPN to 
backup Sysvol, so it appears that you can no longer use a users ticket. 
Using a user that is a member of Domain Admins (and their password) does 
work, but that means the password is sent over the wire.


More information about the samba mailing list