[Samba] samba-tool domain backup ERROR
L.P.H. van Belle
belle at bazuin.nl
Thu Feb 28 13:18:05 UTC 2019
Hmm.
Hai stefan,
I hadnt use the : samba-tool domain backup online --server=dc1 --targetdir=./ option yet.
I've run the command on the same dc as im backing up and i did a kinit Administrator before it.
Also tried it with -UNTDOM\\Administrator and -Uadministrator
All three resulted in a good backup.
... More logging here.....
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
...
A Kerberos configuration suitable for Samba AD has been generated at /root/tmpvMsnbF/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Provision OK for domain DN DC=rotterdam,DC=bazuin,DC=nl
Starting replication
Using DS_BIND_GUID_W2K3
...
Cloned domain NTDOM (SID S-1-5-21-123415564-252352352)
...
Creating backup file ./samba-backup-internal.domain.tld-2019-02-28T13-51-25.864257.tar.bz2...
Our difference.
In running backend AD, i assum you run with rid backend.
Hmm, i have to think about this, i know there was an bugreport on the backup option..
I'll see if i can find it.
@Rowland, do you know if the SID/RID of Administrator is the same on the DC's when using RID backend?
Last @Stefan, i noticed also : IndexError
Run on both DC's : samba-tool dbcheck --reindex
Try again.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Stefan Kania via samba
> Verzonden: donderdag 28 februari 2019 13:47
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] samba-tool domain backup ERROR
>
>
> Hello,
>
> we want to backup the AD-database with the samba-tool
> backup-option. We
> use Sernet-packages 4.9.4 we have two DCs if I do the backup
> on the same
> DC I got the following messages:
> -----------------
> root at dc-ste-01:~# samba-tool domain backup online --server=dc-ste-01
> --targetdir=. -U administrator
> Password for [LF\administrator]:
> ....
> Committing SAM database
> Setting isSynchronized and dsServiceName
> Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
> ERROR(<type 'exceptions.IndexError'>): uncaught exception -
> list index
> out of range
> File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 177, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
> line 237, in run
> new_sid = get_sid_for_restore(remote_sam)
> File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
> line 73, in get_sid_for_restore
> rid = int(res[0].get('rIDNextRID')[0])
>
> -----------------
>
> If we do it on the other DC we got the following messages:
> -----------------
> root at dc-ste-01:~# samba-tool domain backup online --server=dc-ibb-01
> --targetdir=. -U administrator
> Password for [LF\administrator]:
> Committing SAM database
> Setting isSynchronized and dsServiceName
> Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
> ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
> process has requested access to an object but has not been
> granted those
> access rights.')
> File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 177, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
> line 243, in run
> backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
> File "/usr/lib/python2.7/dist-packages/samba/ntacls.py",
> line 508, in
> backup_online
> ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
> File "/usr/lib/python2.7/dist-packages/samba/ntacls.py",
> line 331, in
> get_acl
> smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
>
> -----------------
> the package "lmdb-utils" is installed on both DCs.
>
> Any tip?
>
> Stefan
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list