[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    Re: [Samba] backup of tdb files
From:       Philipp Gesang via samba <samba () lists ! samba ! org>
Date:       2018-10-25 7:57:44
Message-ID: 20181025075744.GC3866 () drift ! m ! i2n
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


-<| Quoting Andrew Bartlett <abartlet@samba.org>, on Thursday, 2018-10-25 08:36:02 PM |>-
> On Thu, 2018-10-25 at 09:16 +0200, Philipp Gesang wrote:
> > Hi Andrew,
> > 
> > thank you for your reply.
> > 
> > I'm working on a patchset that allows extracting the machine
> > account credentials so they can be stored outside Samba. That
> > part is already working. 
> 
> Can you remind us of the current patch?

I'll post it as soon as I get the tests right.

> > The goal is now to always have up to
> > date values stored away to minimize the possibility that a
> > re-join is needed after replaying the creds from a backup. The
> > join requires manual intervention and elevated privileges so it
> > is quite undesirable to request it unless absolutely necessary
> > (e. g. password changed since last backup).
> > 
> > There is of course always the option of monitoring secrets.tdb
> > with inotify and acting on change events. It would be more
> > convenient though if I could just throw a script at Samba and
> > have it executed at the right moment.
> 
> Perhaps set:
>  machine password timeout = 0
> in the smb.conf
> 
> and then run 
>  wbinfo --change-secret
> 
> and then do the backup?

Perfect! Thanks a lot.

Philipp


["signature.asc" (application/pgp-signature)]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[prev in list] [next in list] [prev in thread] [next in thread]