Using the samba backup script: Difference between revisions
Mmuehlfeld (talk | contribs) m (Fix link to Bind DNS howto, for info how to fix the hardlinking) |
Mmuehlfeld (talk | contribs) m (Fix typo) |
||
Line 77: | Line 77: | ||
The following restore guide assumes, that you backuped your databases with the 'samba_backup' script. If you have your own script, adjust the steps. |
The following restore guide assumes, that you backuped your databases with the 'samba_backup' script. If you have your own script, adjust the steps. |
||
'''It's always recommented, that you restore the backuped databases to an installation that contains the same samba version, you made the backup on! Never do a restore and |
'''It's always recommented, that you restore the backuped databases to an installation that contains the same samba version, you made the backup on! Never do a restore and a version change at once!''' |
||
If your whole system is broken, you have first to setup the whole machine like described in the HowTos ([[Samba_AD_DC_HOWTO|Active Directory Controller]] or [[Samba4/Domain_Member|Member Server]]). |
If your whole system is broken, you have first to setup the whole machine like described in the HowTos ([[Samba_AD_DC_HOWTO|Active Directory Controller]] or [[Samba4/Domain_Member|Member Server]]). |
Revision as of 15:47, 20 June 2013
Introducion
The content of this document is adjusted to samba 4.x.
This is a tutorial about backup and restore of samba in hope that it will be usefull. But it comes WITHOUT ANY WARRANTY!
Until this line is removed, consider this document as a DRAFT, that may contain faults or is missing something!
General
WARNING, if you run more than one DC: Never restore a DC from backup, if at least one other DC is still running! You'll corrupt the directory as the replication meta data get out of sync!
Simply join the new machine as a DC again. Everything will be sycronized from the other running DC(s) - except SysVol replication, what isn't implemented yet.
If the whole domain is broken on all DCs, you should post on the samba-technical mailing list on http://lists.samba.org to discuss the best way to fix this.
How LDB and TDB files can be backuped/restored
If plan to modify the 'backup_samba' script or create an own solution, you'll find here some usefull information:
- You must never copy a running database!
- .ldb and *.tdb files can be backuped online with 'tdbbackup'
- Files created by tdbbackup, are full abd normal TDB files. tdbbackup does the extraction safely.
- Backups of *.ldb files can be just renamed (remove the *.bak) to their old name to restore.
About the backup_samba script
Samba provides a very basic backup shell script for it's databases. This requires that your whole samba installation is on one place (like /usr/local/samba/). If you have used configure options to store pieces of samba in different locations, you can adjust the script or use it as a base to write your own script.
Because this script is very basic at the moment, there are some things to know, if you plan to use it unchanged:
- The script doesn't backup extended ACLs. This results in that you'll lose the permissions e. g. on the SysVol share. If you have a tar version that supports the --xattrs option (see the tar manpage), you should add this option to all 'tar' commands inside the script. This enables tar to keep extended ACLs in the archives
Backup
The backup script of samba isn't installed, when you run 'make install'. It's recommented that you copy it from the sources directory (source4/scripting/bin/samba_backup) to your system, like /usr/sbin, and set secure permissions:
# cp ..../source4/scripting/bin/samba_backup /usr/sbin # chown root:root /usr/sbin/samba_backup # chmod 750 /usr/sbin/samba_backup
Adust the following variables inside the script to your needs:
FROMWHERE=/usr/local/samba WHERE=/usr/local/backups DAYS=90
Create the destination folder, you have configured in the $WHERE variable and set permissions:
# mkdir /usr/local/backups # chmod 750 /usr/local/backups
Start the backup script for a first test
# /usr/sbin/samba_backup
If the script exits without an error, you should find three files in the destination folder:
- etc.{Timestamp}.tar.bz2
- samba4_private.{Timestamp}.tar.bz2
- sysvol.{Timestamp}.tar.bz2
If your test backup succeeded, you should add a cron-job for daily backup:
# crontab -e
Add the following line to backup daily at 2am:
0 2 * * * /usr/sbin/samba_backup
Restore
The following restore guide assumes, that you backuped your databases with the 'samba_backup' script. If you have your own script, adjust the steps.
It's always recommented, that you restore the backuped databases to an installation that contains the same samba version, you made the backup on! Never do a restore and a version change at once!
If your whole system is broken, you have first to setup the whole machine like described in the HowTos (Active Directory Controller or Member Server).
Remove the folders, that we will restore (samba must not be running!):
# rm -rf /usr/local/samba/etc # rm -rf /usr/local/samba/private # rm -rf /usr/local/samba/var/locks/sysvol
Now unpack your latest working backup files to their old location
# cd /usr/local/backups # tar -jxf etc.{Timestamp}.tar.bz2 -C /usr/local/samba/ # tar -jxf samba4_private.{Timestamp}.tar.bz2 -C /usr/local/samba/ # tar -jxf sysvol.{Timestamp}.tar.bz2 -C /usr/local/samba/
Rename *.ldb.bak files in the 'private' directory back to *.ldb. With GNU find and Bash this can be done at once by:
# find /usr/local/samba/private/ -type f -name '*.ldb.bak' -print0 | while read -d $'\0' f ; do mv "$f" "${f%.bak}" ; done
If your backup doen't contains extended ACLs (see section About the backup_samba script, you have to run
# samba-tool ntacl sysvolreset
If you use Bind as DNS backend, you have to fisx the hardlinks for the DNS databases:
# samba_upgradedns --dns-backend=BIND9_DLZ
See DNS Backend BIND - New added DNS entries are not resolvable.
Now you can start samba and test if your restore was successfull.
Hint: It is of course possible to restore single databases out of your backups, if you know which one is broken. But make sure, that some databases may be linked to others. So be carefully that you don't get an inconsitent system! If you are unsure if your broken database relies on others, you should ask on the samba-technical mailing list on http://lists.samba.org