Kategorie GNU/Linux

Taking an Online Backup of a SAMBA-4 ActiveDirectory

7. Dezember 2019 in Administration, GNU/Linux.

Notes:

  • The following procedure is available starting with SAMBA version 4.9.
  • The procedure can be performed on a host that is unrelated to the domain, but one domain controller must be reachable, must be used as a nameserver at the time of the backup and have open ports for DNS (53/tcp and /udp) SSH (22/tcp), LDAP (389/tcp), Kerberos (88/tcp and udp) and SMB (445/tcp).

1. On the machine that will be used to perform the backup, if not already present, install SAMBA.

apt -y install samba

2. Get the current smb.conf from the DC you want to query:

scp dc01.ad.example.com:/etc/samba/smb.conf ./smb.conf.dc01

3. Create a backup output directory:

mkdir samba-domain-backup

4. Ensure that /etc/resolv.conf contains the IP address of dc01 as the nameserver.

5. Perform the backup:

samba-tool domain backup online \
    --server=dc01.ad.example.com \
    --configfile=smb.conf.dc01 \
    --realm=AD.EXAMPLE.COM \
    --username=administrator@AD.EXAMPLE.COM \
    --targetdir=samba-domain-backup
This article is part of series "SAMBA4":
  1. SAMBA4 Domain Controller zu existierender W2012R2 AD Domäne hinzufügen
  2. Anmeldung von AD-Domänenbenutzern auf Linux mit SSSD und PAM
  3. Active Directory Member Server mit SAMBA4 und PAM-Winbind
  4. AD-Precreation using ktutil, kinit and adcli
  5. Taking an Online Backup of a SAMBA-4 ActiveDirectory
  6. Comparing Distinguished LDAP Names