[Samba] Restoring Samba databases from /var/lib/samba

Thu Jun 2 17:49:07 UTC 2022

On Thu, 2022-06-02 at 17:47 +0100, Sebastian Arcus via samba wrote:
> On 02/06/2022 14:53, Denis CARDON wrote:
> > Hi Sebastian,
> > 
> > > On 02/06/2022 07:49, Denis CARDON wrote:
> > > > Hi Sebastian,
> > > > 
> > > > Le 01/06/2022 à 23:54, Sebastian Arcus via samba a écrit :
> > > > > To start with the end, until today I never realised that
> > > > > there are 
> > > > > specific procedures for backing up Samba AD databases - which
> > > > > is my 
> > > > > bad. I've always backed up /var/lib/samba and
> > > > > /var/cache/samba, 
> > > > > seeing as that's where Samba kept its stuff. Today I've
> > > > > accidentally 
> > > > > deleted /var/lib/samba, and tried to copy it back from the
> > > > > nightly 
> > > > > backups. Needless to say that it all went to pots, and dns is
> > > > > not 
> > > > > working properly any more, not matter what I try. I can
> > > > > provide more 
> > > > > details and logs, but first I wanted to ask if it is even
> > > > > worth the 
> > > > > effort? Is my backup of /var/lib/samba basically useless to
> > > > > restore 
> > > > > things to where they were before?
> > > > 
> > > > like Andrew said, as for every database you should use a
> > > > proper 
> > > > coherent backup for samba ldb db files. That said, from
> > > > experience it 
> > > > seldom fails (backups happen in the night when not much
> > > > happens).
> > > 
> > > That's why I am a little bit stumped about what is going on here.
> > > I 
> > > tried backups of Samba databases from different days, even from
> > > the 
> > > weekend when I know there should be no activity on the server.
> > > Somehow 
> > > it doesn't make sense that they are all corrupted in the same
> > > way.
> > > 
> > > > Could you try first to switch back to internal dns (if you
> > > > where 
> > > > using bind-dlz), it should remove much issue with hardlinks and
> > > > all. 
> > > > And turn off you bind9 on that machine. Then do a dbcheck --
> > > > cross-ncs.
> > > 
> > > That sounded promising. I followed the instructions from Samba
> > > wiki, 
> > > shutdown Bind and Samba, and ran the command - for some reason
> > > it 
> > > results in the same error:
> > > 
> > > # samba_upgradedns --dns-backend=SAMBA_INTERNAL
> > > Reading domain information
> > > DNS accounts already exist
> > > No zone file /var/lib/samba/bind-dns/dns/redacted.LAN.zone
> > > DNS records will be automatically created
> > > Traceback (most recent call last):
> > >    File "/usr/sbin/samba_upgradedns", line 348, in <module>
> > >      ncname = msg[0]['nCName'][0]
> > > KeyError: 'No such element'
> > 
> > You don't really need this command to switch back to internal.
> > Just 
> > remove the -dns in server services and add a dns forwarder in
> > smb.cnof, 
> > then kill your bind9 and restart samba-ad.
> 
> I just tried that. This time (with the dns records fixed, as per my 
> previous email), switching to internal dns goes through fine. But I 
> still get the error when trying to join the domain:
> 
> "The specified server cannot perform the requested operation"

What are you trying to join ? The DC ? If so you do not join a DC from
backups.

I know it is a bit late now, but you should have used 'samba-tool
domain backup'. This is used to backup the domain and not an individual
DC, you then use the same tool to restore the domain.

Copying individual files or directories is likely to cause problems, it
may work, but you may get parts of the database that are older than
others. If you are trying to restore in this way, then trying to join
the DC again isn't likely to work. you need an existing DC to join to.

Rowland