thctlo / samba4 Goto Github PK

At least secrets.tdb contains sensitive information and should be protected. I think the permission of the created tar-file should be something like 0640 or even 0600.

the egrep-regex also matches files from month "01" ... so not only the days "01" and "15" are kept, but all files from january.

Current W.I.P.
Functionize the backup script, add samba 4.9+ compatible backup options.
See: https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC

If you install ssh-krb5, you get an empty package. In the news you can read:

zcat /usr/share/doc/ssh-krb5/NEWS.Debian.gz
ssh-krb5 (1:4.3p2-7) unstable; urgency=low

The normal openssh-server and openssh-client packages in Debian now
include full GSSAPI support, including key exchange. This package is
now only a transitional package that depends on openssh-server and
openssh-client and configures openssh-server for GSSAPI authentication
if it wasn't already.

You can now simply install openssh-server and openssh-client directly
and remove this package. Just make sure that /etc/ssh/sshd_config
contains:

GSSAPIAuthentication yes
GSSAPIKeyExchange yes

if you want to support GSSAPI authentication to your ssh server.

-- Russ Allbery [email protected] Tue, 03 Oct 2006 22:27:27 -0700

So it would be better to point out user to straight modify /etc/ssh/sshd_config as instructed.

Can't install the key per the website documentation. Or the key file is some how incorrect? The website steps work fine for repo setup on Buster but apparently not on Bullseye?

Tried...
# wget -O- https://apt.van-belle.nl/louis-van-belle.gpg-key.asc | gpg --dearmor | sudo tee /usr/share/keyrings/louis-van-belle.gpg > /dev/null

And the file is created, but the key fails or appears to be rejected when repo update attempted...

# nano /etc/apt/sources.list.d/van-belle.list
# AptVanBelle repo for samba...
deb http://apt.van-belle.nl/debian bullseye-samba414 main contrib non-free

# apt update
Hit:1 http://raspbian.raspberrypi.org/raspbian bullseye InRelease
Hit:2 http://archive.raspberrypi.org/debian bullseye InRelease
Get:3 http://apt.van-belle.nl/debian bullseye-samba414 InRelease [12.0 kB]
Err:3 http://apt.van-belle.nl/debian bullseye-samba414 InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY FF620912DC8D81F8
Reading package lists... Done
W: GPG error: http://apt.van-belle.nl/debian bullseye-samba414 InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY FF620912DC8D81F8
E: The repository 'http://apt.van-belle.nl/debian bullseye-samba414 InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I used '[trusted=yes]' to enable use of the repo, but this is not a good practice of course.

Hi!

I just tried the samba4 backup script and got an TAR error.

./backup_samba4 --debug
Command checks : CMD_ECHO contains : /bin/echo
Command checks : CMD_SAMBA contains : /usr/sbin/samba
Command checks : CMD_TDBBACKUP contains : /usr/bin/tdbbackup
Command checks : CMD_LOGGER contains : /usr/bin/logger
Command checks : CMD_TAR contains : /bin/tar
Command checks : CMD_DIRNAME contains : /usr/bin/dirname
Command checks : CMD_CAT contains : /bin/cat
Command checks : CMD_GREP contains : /bin/grep
Command checks : CMD_AWK contains : /usr/bin/awk
Command checks : CMD_SED contains : /bin/sed
Command checks : CMD_DATE contains : /bin/date
Command checks : CMD_FIND contains : /usr/bin/find
Command checks : CMD_RM contains : /bin/rm
Command checks : CMD_GETFACL contains : /usr/bin/getfacl
Command checks : CMD_TAIL contains : /usr/bin/tail
Command checks : CMD_CUT contains : /usr/bin/cut
Command checks : CMD_WC contains : /usr/bin/wc
Command checks : CMD_AWK contains : /usr/bin/awk
Command checks : CMD_SORT contains : /usr/bin/sort
Starting backup with ./backup_samba4
Backupdate = 2019-10-02
Message: checking for previous backups of this day : private
Counter = 2
Message: setting date and counter : 2019-10-02-3 for private
/bin/tar: The following options were used after any non-optional arguments in archive create or update mode. These options are positional and affect only arguments that follow them. Please, rearrange them properly.
/bin/tar: --exclude „.ldb“ has no effect
/bin/tar: --exclude „.tdb“ has no effect
/bin/tar: Beende mit Fehlerstatus aufgrund vorheriger Fehler

What I could do? Any advices?

best regards,
semi