# Samba TDB files lost at reboot

## SkyBeam

I just ran into a problem with Samba on Gentoo Linux. I found that the Gentoo Samba server stores its TDB files at /var/lock/samba. Unfortunately /etc/init.d/bootmisc cleans all files from /var/lock at reboot so the files are lost.

For most of the files in there this is not a problem at all but there are some important ones there as well:

account_policy.tdb (account policies)

ntdrivers.tdb (installed printer drivers)

ntforms.tdb (installed printer forms)

ntprinters.tdb (installed printer information)

registry.tdb (registry)

All these files get re-created automatically after reboot when they were deleted. However you will lose all installed printer drivers and special account information.

For example if you add special permissions like

```
net rpc rights grant instadmin SeMachineAccountPrivilege
```

After reboot these permissions are lost and

```
net rpc rights list instadmin
```

lists no special permissions.

To fix this I tried to configure Samba to use another directory for the *.tdb files without success. I was unable to locate a parameter for this. Neither the "--lockdir" parameter to smbd nor the "lock directory" configuration parameter helped.

As a resolution I used the following script:

```
#!/bin/bash
# As Gentoo cleans up the /var/lock directory we need to
# move important databases (printer drivers, account policies...)
# to a safe location.

# Relocation directory where the files will be moved
RELOCATION_DIR=/etc/samba/tdb

# files to be relocated
RELOCATION_LIST="account_policy.tdb registry.tdb ntdrivers.tdb ntforms.tdb ntprinters.tdb"

# create directories
mkdir -p "$RELOCATION_DIR"
mkdir -p /var/lock/samba

# move files and link them
cd /var/lock/samba || exit 1
for file in $RELOCATION_LIST; do
        # move only real files: on a re-run the name is already a symlink,
        # and moving that would overwrite the relocated database
        if [ -f "$file" ] && [ ! -L "$file" ]; then
                mv "$file" "$RELOCATION_DIR"
        fi
        # create the link unless one is already in place
        [ -L "$file" ] || ln -s "$RELOCATION_DIR/$file" "$file"
done
```

It moves important DB files to /etc/samba/tdb by default and links them. Since /etc/init.d/bootmisc does not remove symlinks this works perfectly. Another advantage is that volatile data at /var/lock/* do not have to be backed up since they are stored at /etc/samba/tdb now.

Probably the Samba package should be modified in order not to save these files at /var/lock any more or /etc/init.d/bootmisc should be modified not to remove these files any more but the script above can be used as a work-around until a more permanent fix is available.

----------

## jpl888

Hi Skybeam,

I have 7 different Gentoo servers running Samba and from what I can see they don't store anything in "/var/lock/samba"; in fact, having just looked at one of them, that directory doesn't even exist.

The secrets.tdb is stored in "/var/lib/samba/private"; all the other "tdb's" are stored in "/var/cache/samba".

AFAIK you should use "pdbedit" and don't use SWAT to set special permissions. At least the last few times I used SWAT it screwed my whole config. I have not come across those "net rpc" commands you are using.

Maybe that is where you are going wrong.

----------

## SkyBeam

 *jpl888 wrote:*   

> I have 7 different Gentoo servers running Samba and from what I can see they don't store anything in "/var/lock/samba"; in fact, having just looked at one of them, that directory doesn't even exist.
> 
> The secrets.tdb is stored in "/var/lib/samba/private"; all the other "tdb's" are stored in "/var/cache/samba".

 

Oh damn, dumb me - I just noticed that there was another "lock directory" entry in my smb.conf. This must have been taken over from my old RedHat installation.

You're completely right, after removing this setting the files were written correctly to /var/cache/samba.

However I still prefer having the files required to be backed up in /etc so I modified my script slightly:

```
#!/bin/bash
# Some of the TDB files at /var/cache/samba are quite important
# to back up. They contain driver and user information.
# This script moves them to /etc/samba/tdb and inserts
# links at /var/cache/samba

# Relocation directory where the files will be moved
RELOCATION_DIR=/etc/samba/tdb

# directory where Samba stores the TDB files by default
TDB_DIR=/var/cache/samba

# files to be relocated
RELOCATION_LIST="account_policy.tdb registry.tdb ntdrivers.tdb ntforms.tdb ntprinters.tdb"

# create directories
mkdir -p "$RELOCATION_DIR"
mkdir -p "$TDB_DIR"

# move files and link them
cd "$TDB_DIR" || exit 1
for file in $RELOCATION_LIST; do
        # move only real files: on a re-run the name is already a symlink,
        # and moving that would overwrite the relocated database
        if [ -f "$file" ] && [ ! -L "$file" ]; then
                mv "$file" "$RELOCATION_DIR"
        fi
        # create the link unless one is already in place
        [ -L "$file" ] || ln -s "$RELOCATION_DIR/$file" "$file"
done
```

Sure, somebody could simply set "lock directory" to point somewhere in /etc/ but I did not want to move all the cache tdb files there since they can easily be rebuilt and contain just volatile data.

 *jpl888 wrote:*   

> AFAIK you should use "pdbedit" and don't use SWAT to set special permissions. At least the last few times I used SWAT it screwed my whole config. I have not come across those "net rpc" commands you are using.

 

I did not use swat - just vi for smb.conf. I do user management on LDAP using smbldap-tools. The permissions I set using the 'net rpc ...' command as described in the Samba docs.

So the "problem" is solved now. Thanks for pointing me in the right direction.

----------
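The root cause found in this thread was a second, leftover "lock directory" entry in smb.conf that sent Samba's TDB files to a directory cleaned at boot. The check below is an added example, not part of any post: it flags such entries, and both the list of volatile directories and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag smb.conf "lock directory"
# settings that are repeated or point at a path cleared at boot.

# Assumption: directories wiped at boot on this system; adjust per distro.
VOLATILE_PREFIXES="/var/lock /var/run /run /tmp"

# Constructed sample: a config carrying a leftover entry from an old install.
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
   workgroup = EXAMPLE
   lock directory = /var/cache/samba
   ; lock dir = /tmp/commented-out
   Lock Directory = /var/lock/samba
EOF
}

# Prints one finding per line; returns 0 if anything was found, 1 if clean.
audit_lock_dir() {
    awk -v prefixes="$VOLATILE_PREFIXES" '
        function report(msg) { print msg; found = 1 }
        BEGIN { np = split(prefixes, prefix, " ") }
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                  # not a "name = value" line
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)            # names match without case/blanks
            if (name != "lockdirectory" && name != "lockdir") next
            value = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", value)
            if (++seen == 1) first = NR
            if (seen > 1)
                report("duplicate: line " NR " repeats the setting from line " first)
            for (i = 1; i <= np; i++)
                if (index(value "/", prefix[i] "/") == 1)
                    report("volatile: line " NR " keeps TDB files under " value)
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Stand-alone use: audit the file named in $1, else the constructed sample.
conf=${1:-$(mktemp)}
[ $# -gt 0 ] || write_sample_conf "$conf"
audit_lock_dir "$conf" || echo "no risky lock directory setting found"
```

On a live server, `testparm -sv` shows the value Samba actually resolved for the parameter.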

