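#!/bin/bash
#
# Backup and restore of the local Samba 4 state together with the
# Univention S4 connector state.
#
# Usage: <script> [backup|restore <backupfile>|stopservices|startservices]
#
# Security notes:
#  * The archive contains /var/lib/samba/private, including sam.ldb (the
#    directory account database). Treat every archive like a credential
#    store: it is created with a restrictive umask, and BACKUP_DIR should be
#    owned by root with mode 0700.
#  * "restore" unpacks the archive relative to / with the privileges of the
#    caller and then applies the extended attributes recorded in it. Only
#    restore archives that were produced by this script and kept in a
#    location other users cannot write to.

# Target directory for archives. The default lives below the world-writable
# /var/tmp; the directory itself must not be writable by other users, because
# the attribute dump below uses a fixed file name inside it.
BACKUP_DIR=/var/tmp/targetdir

if ! [ -d "${BACKUP_DIR}" ]; then
  echo "${BACKUP_DIR} does not exist, please adjust the script or create the directory"
  exit 1
fi

# Remember how the script was called so hints printed from inside functions
# can name the right command.
argv0="$0"

#######################################
# Stop every service that touches the Samba/LDAP data (best effort).
# Returns: status of the last invoke-rc.d call; failures are not fatal.
#######################################
stop_services() {
  local service
  for service in slapd univention-directory-listener univention-s4-connector samba-ad-dc; do
    invoke-rc.d "$service" stop
  done
}

#######################################
# Start the services again, stopping at the first one that fails.
# Returns: 0 if all services started, otherwise the failing start status.
#######################################
start_services() {
  local rc
  local service
  for service in slapd univention-directory-listener samba-ad-dc univention-s4-connector; do
    invoke-rc.d "$service" start
    rc=$?
    if [ "$rc" != 0 ]; then
      return "$rc"
    fi
  done
}

#######################################
# Print the command line synopsis to stdout.
#######################################
usage() {
  echo "$0 [backup|restore <backupfile>|stopservices|startservices]"
}

#######################################
# Create ${BACKUP_DIR}/samba_<timestamp>.tar.bz2 while the services are down.
# Globals:   BACKUP_DIR (read)
# Returns:   non-zero if the attribute dump or tar failed, otherwise the
#            status of start_services. Services are restarted in any case.
#######################################
backup() {
  local TIMESTAMP
  local FATTR_FILE
  local old_umask
  local rc=0
  local start_rc

  stop_services

  # The archive and the attribute dump hold private Samba data; make sure
  # they are created readable by the owner only. The previous umask is put
  # back before the services are started so they do not inherit it.
  old_umask=$(umask)
  umask 077

  TIMESTAMP=$(date +%d%m%y%H%M%S)
  FATTR_FILE="${BACKUP_DIR}/samba_sysvol.fattr"

  # tar does not store extended attributes here, so the sysvol attributes
  # are dumped to a file that travels inside the archive.
  getfattr -R -d -m - /var/lib/samba/sysvol > "$FATTR_FILE" || rc=$?
  if [ "$rc" != 0 ]; then
    echo "ERROR: Dumping the extended attributes of /var/lib/samba/sysvol failed, no archive was created" >&2
  else
    # Sockets and pipes are excluded; they are recreated by the daemons.
    tar cjf "${BACKUP_DIR}/samba_${TIMESTAMP}.tar.bz2" \
      --exclude /var/lib/samba/private/smbd.tmp \
      --exclude /var/lib/samba/private/ldapi \
      --exclude /var/lib/samba/private/ldap_priv/ldapi \
      --exclude /var/lib/samba/winbindd_privileged/pipe \
      --exclude /var/lib/samba/ntp_signd/socket \
      /etc/samba \
      /var/lib/samba \
      "$FATTR_FILE" \
      /var/lib/univention-connector/s4 \
      /etc/univention/connector/s4internal.sqlite || rc=$?
    if [ "$rc" != 0 ]; then
      echo "ERROR: tar exited with status $rc, the archive may be incomplete" >&2
    fi
  fi

  rm -f "$FATTR_FILE"
  umask "$old_umask"

  start_services
  start_rc=$?

  # A failed backup must not be hidden by a successful service start.
  if [ "$rc" != 0 ]; then
    return "$rc"
  fi
  return "$start_rc"
}

#######################################
# Give the restored sam.ldb a new invocationId for this server.
# Must be called with / as working directory: sam.ldb is addressed by the
# relative path var/lib/samba/private/sam.ldb.
# Globals:   hostname (set by the univention-config-registry call below)
# Returns:   0 on success, 1 if a lookup failed, else the ldbmodify status.
#######################################
replace_invocationID() {
  local new_uuid
  local ldif
  local account_dn
  local serverReference
  local ntds_settings_dn
  local py

  # print() with parentheses works with Python 2 and Python 3.
  for py in python python3; do
    if command -v "$py" >/dev/null 2>&1; then
      new_uuid=$("$py" -c 'import uuid; print(uuid.uuid1())')
      break
    fi
  done
  if [ -z "$new_uuid" ]; then
    echo "ERROR: Generation of a new uuid failed"
    return 1
  fi

  # NOTE(review): eval of command output. The text comes from the local
  # config registry tool, not from the archive; it provides $hostname.
  eval "$(univention-config-registry shell)"

  # Machine account of this host -> server object -> NTDS settings object.
  ldif=$(ldbsearch -H var/lib/samba/private/sam.ldb samaccountname="$hostname\$" serverReferenceBL)
  account_dn=$(echo "$ldif" | ldapsearch-wrapper | sed -n 's/^dn: //p')
  if [ -z "$account_dn" ]; then
    echo "ERROR: The server $hostname does not have an account in the restored var/lib/samba/private/sam.ldb"
    return 1
  fi

  serverReference=$(echo "$ldif" | ldapsearch-wrapper | sed -n 's/^serverReferenceBL: //p')
  if [ -z "$serverReference" ]; then
    echo "ERROR: The account for $hostname not have the attribute serverReferenceBL in the restored var/lib/samba/private/sam.ldb"
    return 1
  fi

  ldif=$(ldbsearch -H var/lib/samba/private/sam.ldb -b "$serverReference" objectClass=nTDSDSA invocationId)
  ntds_settings_dn=$(echo "$ldif" | ldapsearch-wrapper | sed -n 's/^dn: //p')
  if [ -z "$ntds_settings_dn" ]; then
    echo "ERROR: The server $hostname does not have an associated invocationId in the restored var/lib/samba/private/sam.ldb"
    return 1
  fi

  # The LDIF is fed through printf so it does not depend on tab-indented
  # here-document lines.
  printf 'dn: %s\nchangetype: modify\nreplace: invocationId\ninvocationId: %s\n' \
    "$ntds_settings_dn" "$new_uuid" \
    | ldbmodify -H var/lib/samba/private/sam.ldb
}

#######################################
# Restore an archive created by backup().
# Arguments: $1 - path to the archive (absolute or relative to the cwd)
# Globals:   BACKUP_DIR (read), argv0 (read)
# Returns:   0 on success or when the user declines, non-zero on failure.
#            On failure the services are left stopped.
#######################################
restore() {
  local archive
  local FATTR_FILE
  local REPLY
  local rc

  if ! [ -e "$1" ]; then
    echo "The file '$1' does not exist."
    return 1
  fi

  # The extraction runs after "cd /"; a relative path has to be anchored to
  # the current directory first or tar would not find the archive there.
  case "$1" in
    /*) archive=$1 ;;
    *) archive="$PWD/$1" ;;
  esac

  echo "This will overwrite the following files: (press return to see the list)"
  read -r
  tar tjvf "$archive"
  echo
  read -r -p "Are you absolutely sure you want to procede? [y/N] "
  if [ "${REPLY^^}" != "Y" ]; then
    return 0
  fi

  stop_services

  # tar stored the attribute dump without the leading slash.
  FATTR_FILE="${BACKUP_DIR#/}/samba_sysvol.fattr"

  # Subshell: keeps the "cd /" local. Failures leave it via "exit"; the
  # status is checked right after the closing parenthesis.
  (
    if ! cd /; then
      echo "ERROR: Cannot change to /. Services have not been started again yet, please check." >&2
      exit 1
    fi

    # stderr stays visible so a failed extraction is not silent.
    if ! tar xjf "$archive" >/dev/null; then
      echo "ERROR: Extracting '$archive' failed. Services have not been started again yet, please check." >&2
      echo "The services may be started again by running '$argv0 startservices'." >&2
      exit 1
    fi

    if ! setfattr --restore="$FATTR_FILE"; then
      echo "WARNING: Restoring the extended attributes from $FATTR_FILE failed" >&2
    fi
    rm -f "$FATTR_FILE"

    read -r -p "Shall the SAM database invocationID be reset? [y/N] "
    if [ "${REPLY^^}" = "Y" ]; then
      replace_invocationID
      rc=$?
      if [ "$rc" != 0 ]; then
        echo "Changing the invocationID failed. Services have not been startet again yet, please check."
        echo "The services may be startet again by running '$argv0 startservices'".
        exit "$rc"
      fi
    fi
  )
  rc=$?
  if [ "$rc" != 0 ]; then
    # Do not continue to the commit/start prompts on a failed restore.
    return "$rc"
  fi

  read -r -p "Run ucr commit on the standard samba configuration files? [Y/n] "
  if [ "${REPLY^^}" != "N" ]; then
    univention-config-registry commit /etc/samba/smb.conf /etc/samba/base.conf
  fi

  read -r -p "Start the services again (Samba4, Univention S4 Connector, LDAP server, Univention Directory Listener ? [Y/n] "
  if [ "${REPLY^^}" != "N" ]; then
    start_services
    rc=$?
    if [ "$rc" != 0 ]; then
      return "$rc"
    fi
  fi
}

# Command dispatch.
case "$1" in
  backup)
    backup
    exit $?
    ;;
  restore)
    if [ -z "$2" ]; then
      usage
      exit 1
    fi
    restore "$2"
    exit $?
    ;;
  startservices)
    start_services
    exit $?
    ;;
  stopservices)
    stop_services
    exit $?
    ;;
  *)
    usage
    ;;
esac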