On Tue, 2021-11-02 at 20:19 +0000, Rowland Penny via samba
wrote:> On Tue, 2021-11-02 at 12:48 -0700, Matt Ivie wrote:
> > Thanks for the quick response.
> >
> > The reason I proposed that is that I can have bareos run a command
> > to
> > stop my DC, backup the dir, then restart it. Primarily for system
> > failure restorations.
>
> Please do not do that, it 'might' work if you have only one DC, but
> if
> you have more than one DC (which is highly recommended), it will lead
> to problems.
>
>
> > > What is the actual command you ran ?
> > >
> > samba-tool domain backup online --targetdir=smb-ad-online-backup --
> > server=Harveydc0 -UAdministrator
>
> I run the command in a script which is run by cron every hour (you
> could run it more often, depends how often your AD changes) and it
> similar to your command, except that I use kerberos authentication.
>
> As I said, it works for myself, but I use a much later version of
> Samba.
>
> Rowland
>
>
>
I found a short term solution to this problem until I'm able to upgrade
to a later version of Samba. The full details can be found at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953918
I followed this advice:
All what to do is to replace the line 51
"security.SEC_FLAG_MAXIMUM_ALLOWED"
with "security.SEC_STD_READ_CONTROL" in
"/usr/lib/python2.7/dist-packages/samba/ntacls.py".
I know that the best option is to upgrade Samba to a later and
supported version, but for anyone that is on Debian Buster and using
the packaged version of Samba I hope this helps them out.