Dear all,
I use the Sernet Samba packages in version 4.9.3.
I try to do an online-backup of my domain by:
samba-tool domain backup online --server=ad2 --targetdir=/root
-Uadministrator
and I get the following error:
Committing SAM database
Setting isSynchronized and dsServiceName
Cloned domain DOMAIN (SID S-1-5-21-1996849263-3223042488-349429296)
ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
process has requested access to an object but has not been granted those
access rights.')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line
177, in _run
return self.run(*args, **kwargs)
File
"/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
line 243, in run
backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 508,
in
backup_online
ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 331,
in
get_acl
smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
Does anyone has a trick for me?
Best regards
Benedikt
--
forumZFD
Entschieden für Frieden|Committed to Peace
Benedikt Kaleß
Leiter Team IT|Head team IT
Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany
Tel 0221 91273233 | Fax 0221 91273299 |
http://www.forumZFD.de
Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz
VR 17651 Amtsgericht Köln
Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
--
forumZFD
Entschieden für Frieden|Committed to Peace
Benedikt Kaleß
Leiter Team IT|Head team IT
Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany
Tel 0221 91273233 | Fax 0221 91273299 |
http://www.forumZFD.de
Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz
VR 17651 Amtsgericht Köln
Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
Hi, At the point it's failing, samba-tool is trying to backup your sysvol share (preserving all the NTACLs as it goes). I'm not sure what exactly is going wrong. It appears you don't have access rights to read an NTACL for one of these files. You could try increasing the debug-level on both the server and in the samba-tool command to see if that tells you more, but it might be quicker to try one of the following: - As a sanity-check, you could run 'samba-tool ntacl sysvolcheck' locally on your DC. It may tell you if there's an ACL problem. - Instead of an online backup, try running 'samba-tool domain backup offline' locally on your DC. It creates a slightly different type of backup, but how it backs up sysvol will work a bit different. - If you can work out the file it's failing on, then you could check if 'samba-tool ntacl get' works for that file. Cheers, Tim On 10/01/19 12:59 AM, Benedikt Kaleß via samba wrote:> Dear all, > > I use the Sernet Samba packages in version 4.9.3. > > I try to do an online-backup of my domain by: > > samba-tool domain backup online --server=ad2 --targetdir=/root > -Uadministrator > > and I get the following error: > > Committing SAM database > Setting isSynchronized and dsServiceName > Cloned domain DOMAIN (SID S-1-5-21-1996849263-3223042488-349429296) > ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A > process has requested access to an object but has not been granted those > access rights.') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line > 177, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", > line 243, in run > backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid()) > File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 508, in > backup_online > ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True) > File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 331, in > get_acl > smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS) > > > Does anyone has a trick for me? > > Best regards > Benedikt >
Hi, thanks for your hints! Am 10.01.19 um 03:46 schrieb Tim Beale via samba:> - As a sanity-check, you could run 'samba-tool ntacl sysvolcheck' > locally on your DC. It may tell you if there's an ACL problem.samba-tool ntacl sysvolcheck doesn't show any problems.> - Instead of an online backup, try running 'samba-tool domain backup > offline' locally on your DC. It creates a slightly different type of > backup, but how it backs up sysvol will work a bit different.I tried to do a "offline" backup. But I dont' find an option "offline" samba-tool domain backup --help Usage: samba-tool domain backup <subcommand> Create or restore a backup of the domain. Options: -h, --help show this help message and exit Available subcommands: online - Copy a running DC's current DB into a backup tar file. rename - Copy a running DC's DB to backup file, renaming the domain in the process. restore - Restore the domain's DB from a backup-file. For more help on a specific subcommand, please type: samba-tool domain backup <subcommand> (-h|--help)> - If you can work out the file it's failing on, then you could check if > 'samba-tool ntacl get' works for that file.We changed the loglevel to 10 and we didn't find any file with unsufficient permissions. Best Benedikt -- forumZFD Entschieden für Frieden|Committed to Peace Benedikt Kaleß Leiter Team IT|Head team IT Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service Am Kölner Brett 8 | 50825 Köln | Germany Tel 0221 91273233 | Fax 0221 91273299 | http://www.forumZFD.de Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board: Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz VR 17651 Amtsgericht Köln Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX