[Samba] Restoring Samba databases from /var/lib/samba

Sebastian Arcus s.arcus at open-t.co.uk
Thu Jun 2 16:47:30 UTC 2022 

On 02/06/2022 14:53, Denis CARDON wrote:
> Hi Sebastian,
> 
>> On 02/06/2022 07:49, Denis CARDON wrote:
>>> Hi Sebastian,
>>>
>>> Le 01/06/2022 à 23:54, Sebastian Arcus via samba a écrit :
>>>> To start with the end, until today I never realised that there are 
>>>> specific procedures for backing up Samba AD databases - which is my 
>>>> bad. I've always backed up /var/lib/samba and /var/cache/samba, 
>>>> seeing as that's where Samba kept its stuff. Today I've accidentally 
>>>> deleted /var/lib/samba, and tried to copy it back from the nightly 
>>>> backups. Needless to say that it all went to pots, and dns is not 
>>>> working properly any more, not matter what I try. I can provide more 
>>>> details and logs, but first I wanted to ask if it is even worth the 
>>>> effort? Is my backup of /var/lib/samba basically useless to restore 
>>>> things to where they were before?
>>>
>>> like Andrew said, as for every database you should use a proper 
>>> coherent backup for samba ldb db files. That said, from experience it 
>>> seldom fails (backups happen in the night when not much happens).
>>
>> That's why I am a little bit stumped about what is going on here. I 
>> tried backups of Samba databases from different days, even from the 
>> weekend when I know there should be no activity on the server. Somehow 
>> it doesn't make sense that they are all corrupted in the same way.
>>
>>>
>>> Could you try first to switch back to internal dns (if you where 
>>> using bind-dlz), it should remove much issue with hardlinks and all. 
>>> And turn off you bind9 on that machine. Then do a dbcheck --cross-ncs.
>>
>> That sounded promising. I followed the instructions from Samba wiki, 
>> shutdown Bind and Samba, and ran the command - for some reason it 
>> results in the same error:
>>
>> # samba_upgradedns --dns-backend=SAMBA_INTERNAL
>> Reading domain information
>> DNS accounts already exist
>> No zone file /var/lib/samba/bind-dns/dns/redacted.LAN.zone
>> DNS records will be automatically created
>> Traceback (most recent call last):
>>    File "/usr/sbin/samba_upgradedns", line 348, in <module>
>>      ncname = msg[0]['nCName'][0]
>> KeyError: 'No such element'
> 
> You don't really need this command to switch back to internal. Just 
> remove the -dns in server services and add a dns forwarder in smb.cnof, 
> then kill your bind9 and restart samba-ad.

I just tried that. This time (with the dns records fixed, as per my 
previous email), switching to internal dns goes through fine. But I 
still get the error when trying to join the domain:

"The specified server cannot perform the requested operation"

> 
> Denis
> 
> 
>>
>> I'm not sure why it is looking in /var/lib/samba/bind-dns/dns/ for a 
>> zone file - I checked another healthy server and there is no zone file 
>> there.
>>
>>>
>>> If you do a ldbsearch on the ldb files, does it crash?
>>
>> That all seems fine. I did ldbsearch on all ldb files in 
>> /var/lib/samba/bind-dns/dns/sam.ldb.d/ - and they all displayed the 
>> content without issues
>>
>> I'm really starting to wonder if I'm not barking up the wrong tree 
>> with all this, and maybe it has nothing to do with corrupted backups 
>> somehow?
>>
>>>
>>> And if it goes back alive, please upgrade, there has been tons of 
>>> bugfixes since samba 4.9.
>>
>> That is good advice. This server has lots of other software running 
>> (Asterisk/exim/dovecot/spamassassin etc) - so the upgrade is a 
>> significant effort - but I will have to get it done sooner rather than 
>> later. I tried in the past to just upgrade Samba on its own - but ran 
>> into a forest of issues with library version issues and 
>> compatibilities - which broke other things on the server - so it 
>> doesn't seem like a good idea.
>>
>> Many thanks for all the hints
>>
>>>
>>>
>>>>
>>>> Some basic info:
>>>> OS: Slackware 14.1
>>>> Samba: 4.9.4
>>>> Mode: Active Directory DC with file server on the same machine - 
>>>> only one DC on domain
>>>>
>>>> Briefly, the samba_dlz plugin seems to be loading, but the logs have 
>>>> various errors which so far I can't make sense of:
>>>>
>>>> Jun  1 22:36:05 srv-01-op samba[11769]: 
>>>> ../source4/dsdb/kcc/kcc_periodic.c:768: Failed samba_kcc - 
>>>> NT_STATUS_ACCESS_DENIED
>>>>
>>>> and:
>>>>
>>>> # samba-tool dns zonelist localhost -U Administrator
>>>> Password for [redacted\Administrator]:
>>>> ERROR(runtime): uncaught exception - (9717, 
>>>> 'WERR_DNS_ERROR_DS_UNAVAILABLE')
>>>>    File 
>>>> "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 
>>>> 177, in _run
>>>>      return self.run(*args, **kwargs)
>>>>    File "/usr/lib64/python2.7/site-packages/samba/netcmd/dns.py", 
>>>> line 670, in run
>>>>      request_filter)
>>>>
>>>> Should I just cut my loses and rebuild everything from scratch? It 
>>>> will involve work from my part and downtime for the users, but I 
>>>> should have really known about proper Samba AD db backups, so it is 
>>>> what it is.
>>>>
>>>> Any pointers much appreciated.
>>>>
>>

More information about the samba mailing list