Web lists-archives.com

[Samba] backup of tdb files


how would I go about dumping tdb files in a “neutral” format,
preferably JSON?

The goal is to have a domain member functional after restoring
from a backup without re-joining. Ideally, the backed up version
does not depend on the tdb because of concerns about the
stability of the format. A backup set must remain usable despite
a multi-major version Samba update happening in between.

By trial and error I determined that
/var/lib/samba/private/{netlogon_creds_cli,secrets}.tdb are the
only files from whose removal smbd can’t recover, so those are
the files I’m currently concerned with.

Another issue is that dumping those files with the tdb tools
yields opaque binary data, e. g.

        # tdbdump private/netlogon_creds_cli.tdb
        key(43) = "CLI[UNDEF/UNDEF$]/SRV[FOO-SERVER-2008/FOO]\00"
        data(96) = "\FF\FF\0Fa\FB\E1\8C\03{\81\D3\8B\D9\D5\81\C4-\02\E8Cq\F9\A1[\F4\19\A7\22\D5\C4\A8~\B1\A6;\85;\F4\0C\CC\B6\86\99\8C\FF\9E\9A\17\02\00\00\00\06\00\00\00\00\00\00\00\06\00\00\00UNDEF\00\00\00\07\00\00\00\00\00\00\00\07\00\00\00UNDEF$\00\00\00\00\00\00"

How stable are those values? Is there a way to destructure them
for the backup to reconstruct them during restore in case the
format changes?

What about portability? Are tdb contents platform independent? Is
a secrets.tdb created with 32 bit Samba usable on a 64 bit build
and vice versa?


Attachment: signature.asc
Description: PGP signature

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba