Web lists-archives.com

Re: [Samba] backup of tdb files




Hi Andrew,

thank you for your reply.

-<| Quoting Andrew Bartlett <abartlet@xxxxxxxxx>, on Thursday, 2018-10-25 06:44:03 AM |>-
> On Wed, 2018-10-24 at 15:43 +0200, Philipp Gesang wrote:
> > Hi again,
> > 
> > -<| Quoting Andrew Bartlett <abartlet@xxxxxxxxx>, on Friday, 2018-09-
> > 21 08:23:26 AM |>-
> > > 
> > > On Fri, 2018-09-21 at 11:29 +0200, Philipp Gesang via samba wrote:
> > > > 
> > > > The goal is to have a domain member functional after restoring
> > > > from a backup without re-joining. 
> > > Do take care that the password is changed by winbindd regularly.
> > >  It
> > > might not work any more.
> > I’m revisiting this issue right now. Specifically, I’m looking
> > for a means to have another process notified of a password change
> > completed by winbindd. I had no luck so far skimming the man
> > pages and source for hooks I could use.
> > 
> > Any advice would be appreciated.
> 
> Could you use and track the last changed time?
> 
> eg stored in the key from machine_last_change_time_keystr()
> 
> There isn't any hook or message sent about this at the moment, but I
> suppose a message could be sent on the messaging bus if you really
> needed it.
> 
> Can you detail the use case some more?

I’m working on a patchset that allows extracting the machine
account credentials so they can be stored outside Samba. That
part is already working. The goal is now to always have up to
date values stored away to minimize the possibility that a
re-join is needed after replaying the creds from a backup. The
join requires manual intervention and elevated privileges so it
is quite undesirable to request it unless absolutely necessary
(e. g. password changed since last backup).

There is of course always the option of monitoring secrets.tdb
with inotify and acting on change events. It would be more
convenient though if I could just throw a script at Samba and
have it executed at the right moment.

Best,
Philipp

Attachment: signature.asc
Description: PGP signature

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba