Univention Corporate Server (UCS) » Backup

ID #1184

Complete rebuild of a UCS system on new hardware


Following, for example, hardware damage, a UCS-System is only available as a backup. How can the system be restored?


A disaster recovery can be performed for a system completely saved via unidump, as described in the handbook. However, if the data are saved externally, the following steps may help to restore the system in the same configuration on new hardware. The steps refer to a UCS domain controller master master with Samba installed.

The instructions are set out as guidelines. The correct functioning of all services, in particular those which do not appear here, should be checked at the end.


1. Reinstallation

The profile saved under /etc/univention/installation_profile on the old system can be used to install a system with the same settings and the same UCS version on new hardware. After installation, the restart must be performed as prompted.

2. Stopping services

As many services as possible should be stopped for the restoration (via "/etc/init.d/ stop" or the Univention Management Console), in particular samba, slapd, univention-dhcp, univention-bind, univention-bind-proxy, univention-directory-listener and univention-directory-notifier.

3. Restore of configuration files managed through Univention Configuration Registry

The "/etc/univention/base.conf" file contains the status of the Univention Configuration Registry variables. The configuration of the newly restored system must also be recreated using this file. This is done using "univention-configuration-registry commit".

4. Restore of Samba settings

Internal information from Samba is saved in the /var/lib/samba directory, which should be completely restored. In addition, of course, the directory shares (e.g., /home).

5. Restore of LDAP data

The /var/lib/univention-ldap directory contains the information from the LDAP database and must be completely restored.

6. Reinitialise Univention Directory Listener

The Univention Directory Listener must be reinitialised so that the LDAP settings for the computers are exported again (e.g., directory shares). As the service is already stopped, the contents of the /var/lib/univention-directory-listener/ directory can be deleted. The initialisation is performed automatically the next time it is started.

7. Reset LDAP passwords

When accessing the LDAP, services use their own passwords, for this purpose the /etc/ldap.secret and /etc/machine.secret files must be restored.

8. Restart services

The services should be restarted in the following order: slapd, then univention-directory-notifier and univention-directory-listener, and finally the other stopped services. If access to the system via ssh or local log-in is still possible, the computer should be restarted.


Prior to these steps, a backup should be made of the newly installed system for comparison.To locate and avoid errors, the log files should be checked for errors after the services are started.After the restoration of the master, it should be checked whether the LDAP replication to the other systems restarts. Some of the systems’ passwords may have been changed since the back-up. Other services and computers which are not functioning should be rejoined as far as possible (also applies for managed clients and Windows systems, which cause problems).The restoration can also be used on other UCS systems: however, in this case alongside steps 1 and 3 the system need only be rejoined (univention-join). In addition, the user data must of course be restored.

Tags: Datensicherung, desaster recovery, wiederherstellen

Related entries:

Last update: 2011-03-01 14:03
Revision: 1.0

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 3.5 (2 Votes)

completely useless 1 2 3 4 5 most valuable

You can comment this FAQ