[Samba] Domain Backup

Peter Smode psmode at kitsnet.us
Wed Oct 22 21:45:21 UTC 2025 

In my environment, I have made great use of the Veeam Agent for Linux (free). I have a server setup to serve storage for backups, presenting via both NFS and SMB to the Linux and Windows client systems.

It keeps it relatively simple. Domain backups execute as a pre-backup job on the AD DCs, writing the backup to a local directory. Then, the system backups executes with Veeam, which immediately captures the domain backup written moments before.

Restoration is simple, with Veeam connecting the location of the backups via NFS and presenting them to the client side. Basically, it connects /mnt/backup to the Veeam backup set and allows you to browse and copy from the parallel filesystem. In a pinch, you can reference the backup sets from another system, assuming you have setup the authorizations correctly. 

Nice part is that the Domain backup operation itself is the simplest, most reliable thing, going to local storage. Getting it off the system is handled by a separate tool designed specifically for that (Veeam). 


Peter

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny via samba
Sent: Tuesday, October 21, 2025 6:47 AM
To: samba at lists.samba.org
Cc: Rowland Penny <rpenny at samba.org>
Subject: Re: [Samba] Domain Backup

On Mon, 20 Oct 2025 17:14:21 -0400
Sonic <sonicsmith at gmail.com> wrote:

> On Sun, Sep 7, 2025 at 6:42 AM Rowland Penny via samba 
> <samba at lists.samba.org> wrote:
> > I do it a different way, I run the command on a Unix domain member 
> > and store the backup locally:
> >
> > samba-tool domain backup online -N --server=dc03.samdom.example.com 
> > --targetdir=/srv/backups/samdom.example.com
> > --use-krb5-ccache=/tmp/backup_cc -d0
> 
> That is pretty cool. Is there a way to do this from a system that's 
> not a domain member? Would like to have a remote host that can backup 
> several AD's (different domains) over VPN's.
> 
> Thanks,
> Chris

Not sure, never tried it, samba-tool would have to be installed and you would have to use a username and password instead of the '-N --use-krb5-ccache=/tmp/backup_cc' because no join, no kerberos cache.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list