On Tue, 2021-11-02 at 19:34 +0000, Rowland Penny via samba wrote:
> On Tue, 2021-11-02 at 12:00 -0700, Matt Ivie via samba wrote:
> > I'm running samba 4.9.5 on Debian Buster and trying to use samba-tool
> > to do an online backup of the domain. I'm not having very good luck.
>
> I would suggest you upgrade Samba, there have been quite a few updates
> to the online backup tool since 4.9.5
>
> > I'm running into an error which has been on this mailing list
> > previously.
> >
> > Here is the error:
> >
> > Cloned domain ------ (SID S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx)
> > ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
> >   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line 243, in run
> >     backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
> >   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 499, in backup_online
> >     ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
> >   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 322, in get_acl
> >     smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
> >
> > The solution given in those threads was to do an offline backup using
> > samba 4.10. I will likely upgrade to samba 4.10 at some point in the
> > future but not at the moment. My question is whether anyone has come up
> > with a way to resolve this issue, or if there is a different way I can
> > backup.
>
> It works for myself (on a later Samba version).
>
> > Shouldn't I be able to shut down my samba service and make a full
> > backup of the /var/run/samba directory?
>
> No, do not do that, you backup the domain, not the DC and that will
> backup the DC.
>
Thanks for the quick response.
The reason I proposed that is that I can have bareos run a command to
stop my DC, backup the dir, then restart it. Primarily for system
failure restorations.

> What is the actual command you ran ?
>

samba-tool domain backup online --targetdir=smb-ad-online-backup --server=Harveydc0 -UAdministrator

> Rowland

--
Matt Ivie
ION Data Systems
Sent Using Debian GNU/Linux