T 2.145 Inadequate backup of trivial database files under Samba

To be able to restore the configuration of a Samba server without any loss of information, it is necessary to back up different system components depending on the purpose of the Samba server. In general, there are no special aspects that need to be taken into account for a consistent backup of these system components.

One exception to this general rule are the trivial database (TDB) files used by Samba to store various information. The contents of these databases are often kept by the Samba service for a long time in the main memory (cached). For this reason, the contents located on the hard disk are not always up to date, and the sizes and time stamps of the TDB files often remain unchanged for long periods of time. If this fact is not taken into account when creating a backup of the Samba service while it is running, then there is a risk of losing data.

Examples:

• While backing up the files, the "winbindd_idmap.tdb" file was not backed up correctly. The Unix user IDs of each Windows user are stored in this file. After restoring this file, the last ten entries created by Winbind were missing. It is no longer possible to determine the user names of the Unix user IDs from 1005621 to 105630. Therefore, it is no longer possible either to determine who owned the existing files assigned to these user IDs.
• On a Samba server in an information system, "tdbsam" is used to administer account information. The passwords for these accounts are stored in the file "passdb.tdb". A backup was not executed correctly, because the administrator used the standard Unix program "cp" while the Samba server was running. After restoring this file, the last two users created by the administrator were missing.