I'm running samba 4.9.5 on Debian Buster and trying to use samba-tool
to do an online backup of the domain. I'm not having very good luck.
I'm running into an error which has been on this mailing list
previously.
Here is the error:
Cloned domain ------ (SID S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx)
ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
process has requested access to an object but has not been granted
those access
rights.')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 177, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-
packages/samba/netcmd/domain_backup.py", line 243, in run
backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 499,
in
backup_online
ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 322,
in
get_acl
smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
The solution given in those threads was to do an offline backup using
samba 4.10. I will likely upgrade to samba 4.10 at some point in the
future but not at the moment. My question is whether anyone has come up
with a way to resolve this issue, or if there is a different way I can
backup.
Shouldn't I be able to shut down my samba service and make a full
backup of the /var/run/samba directory?
Thanks
--
Matt Ivie
ION Data Systems
Sent Using Debian GNU/Linux
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.samba.org/pipermail/samba/attachments/20211102/8761c398/signature.sig>
On Tue, 2021-11-02 at 12:00 -0700, Matt Ivie via samba wrote:> > The solution given in those threads was to do an offline backup using > samba 4.10. I will likely upgrade to samba 4.10 at some point in the > future but not at the moment. My question is whether anyone has come > up > with a way to resolve this issue, or if there is a different way I > can > backup.I would *incredibly strongly* recommend an upgrade to a currently supported version.> Shouldn't I be able to shut down my samba service and make a full > backup of the /var/run/samba directory?Yes, you can do that but you can't restore from it unless you have killed every other DC on the network first. The backup tool is designed to get this process right and to automate it. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions
On Tue, 2021-11-02 at 12:00 -0700, Matt Ivie via samba wrote:> I'm running samba 4.9.5 on Debian Buster and trying to use samba-tool > to do an online backup of the domain. I'm not having very good luck.I would suggest you upgrade Samba, there have been quite a few updates to the online backup tool since 4.9.5> I'm running into an error which has been on this mailing list > previously. > > Here is the error: > > Cloned domain ------ (SID S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx) > ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A > process has requested access to an object but has not been granted > those access > rights.') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > line 177, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist- > packages/samba/netcmd/domain_backup.py", line 243, in run > backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid()) > File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 499, > in > backup_online > ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True) > File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 322, > in > get_acl > smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS) > > The solution given in those threads was to do an offline backup using > samba 4.10. I will likely upgrade to samba 4.10 at some point in the > future but not at the moment. My question is whether anyone has come > up > with a way to resolve this issue, or if there is a different way I > can > backup.It works for myself (on a later Samba version).> > Shouldn't I be able to shut down my samba service and make a full > backup of the /var/run/samba directory?No, do not do that, you backup the domain, not the DC and that will backup the DC. What is the actual command you ran ? Rowland