[Samba] Restoring Samba databases from /var/lib/samba

Sebastian Arcus s.arcus at open-t.co.uk
Thu Jun 2 18:01:29 UTC 2022

On 02/06/2022 18:49, Rowland Penny via samba wrote:
> On Thu, 2022-06-02 at 17:47 +0100, Sebastian Arcus via samba wrote:
>> On 02/06/2022 14:53, Denis CARDON wrote:
>>> Hi Sebastian,
>>>> On 02/06/2022 07:49, Denis CARDON wrote:
>>>>> Hi Sebastian,
>>>>> Le 01/06/2022 à 23:54, Sebastian Arcus via samba a écrit :
>>>>>> To start with the end, until today I never realised that there are
>>>>>> specific procedures for backing up Samba AD databases - which is my
>>>>>> bad. I've always backed up /var/lib/samba and /var/cache/samba,
>>>>>> seeing as that's where Samba kept its stuff. Today I've accidentally
>>>>>> deleted /var/lib/samba, and tried to copy it back from the nightly
>>>>>> backups. Needless to say that it all went to pots, and dns is not
>>>>>> working properly any more, no matter what I try. I can provide more
>>>>>> details and logs, but first I wanted to ask if it is even worth the
>>>>>> effort? Is my backup of /var/lib/samba basically useless to restore
>>>>>> things to where they were before?
>>>>> Like Andrew said, as for every database you should use a proper
>>>>> coherent backup for samba ldb db files. That said, from experience it
>>>>> seldom fails (backups happen in the night when not much happens).
>>>> That's why I am a little bit stumped about what is going on here. I
>>>> tried backups of Samba databases from different days, even from the
>>>> weekend when I know there should be no activity on the server. Somehow
>>>> it doesn't make sense that they are all corrupted in the same way.
>>>>> Could you try first to switch back to internal dns (if you were
>>>>> using bind-dlz), it should remove many issues with hardlinks and all.
>>>>> And turn off your bind9 on that machine. Then do a dbcheck
>>>>> --cross-ncs.
>>>> That sounded promising. I followed the instructions from Samba wiki,
>>>> shut down Bind and Samba, and ran the command - for some reason it
>>>> results in the same error:
>>>> # samba_upgradedns --dns-backend=SAMBA_INTERNAL
>>>> Reading domain information
>>>> DNS accounts already exist
>>>> No zone file /var/lib/samba/bind-dns/dns/redacted.LAN.zone
>>>> DNS records will be automatically created
>>>> Traceback (most recent call last):
>>>>     File "/usr/sbin/samba_upgradedns", line 348, in <module>
>>>>       ncname = msg[0]['nCName'][0]
>>>> KeyError: 'No such element'
>>> You don't really need this command to switch back to internal. Just
>>> remove the -dns in server services and add a dns forwarder in smb.conf,
>>> then kill your bind9 and restart samba-ad.
>> I just tried that. This time (with the dns records fixed, as per my
>> previous email), switching to internal dns goes through fine. But I
>> still get the error when trying to join the domain:
>> "The specified server cannot perform the requested operation"
> What are you trying to join ? The DC ? If so you do not join a DC from
> backups.

Hi Rowland. Sorry - I should have probably been more descriptive. This 
was the message I was getting on a workstation, trying to join it to the 
domain, after I restored the domain configuration on the DC from direct 
file backups. I hope that makes sense.

> I know it is a bit late now, but you should have used 'samba-tool
> domain backup'. This is used to backup the domain and not an individual
> DC, you then use the same tool to restore the domain.

Yes - now I found the wiki page - which I never realised existed in the 
first place!

> Copying individual files or directories is likely to cause problems, it
> may work, but you may get parts of the database that are older than
> others. If you are trying to restore in this way, then trying to join
> the DC again isn't likely to work. You need an existing DC to join to.

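Added example, not part of the thread or of Samba's own tooling: a nightly job that uses the `samba-tool domain backup offline` approach recommended above instead of copying /var/lib/samba, and refuses to report success unless a new, readable archive exists. The destination path, the retention count and the `SAMBA_TOOL` override variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example. BACKUP_ROOT, KEEP and the SAMBA_TOOL override are assumptions.
SAMBA_TOOL="${SAMBA_TOOL:-samba-tool}"              # overridable for testing
BACKUP_ROOT="${BACKUP_ROOT:-/srv/backup/samba-ad}"  # assumed destination
KEEP="${KEEP:-14}"                                  # assumed number of archives kept

# Take one offline backup into $1 and print the path of the new archive.
samba_ad_backup() {
    dest="$1"
    archive=""
    # The archive holds the AD database, password hashes included: root-only.
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    before=$(ls -1 "$dest")
    # 'offline' copies the local database files under proper locking, which a
    # plain cp/rsync of /var/lib/samba on a running DC cannot promise.
    "$SAMBA_TOOL" domain backup offline --targetdir="$dest" >&2 || {
        echo "backup command failed" >&2
        return 1
    }
    # Pick the archive that was not there before the run.
    for f in "$dest"/samba-backup-*.tar.bz2; do
        [ -e "$f" ] || continue
        printf '%s\n' "$before" | grep -qxF "$(basename "$f")" || archive="$f"
    done
    [ -n "$archive" ] || { echo "no new archive in $dest" >&2; return 1; }
    # A truncated or unreadable tarball is worthless on restore day.
    tar -tf "$archive" >/dev/null 2>&1 || {
        echo "unreadable archive: $archive" >&2
        return 1
    }
    printf '%s\n' "$archive"
}

# Delete all but the newest $2 archives in $1.
samba_ad_prune() {
    ls -1t "$1"/samba-backup-*.tar.bz2 2>/dev/null | tail -n +"$(($2 + 1))" |
        while IFS= read -r old; do rm -f -- "$old"; done
}

# Run only when asked to, so the functions can be sourced or tested.
if [ "${1:-}" = "run" ]; then
    samba_ad_backup "$BACKUP_ROOT" && samba_ad_prune "$BACKUP_ROOT" "$KEEP"
fi
```

Run it as root from cron with the `run` argument; restoring goes through `samba-tool domain backup restore`, as Rowland describes.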