[Samba] samba-tool domain backup ERROR

L.P.H. van Belle belle at bazuin.nl
Thu Feb 28 13:18:05 UTC 2019 

Hmm. 

Hai stefan, 

I hadnt use the : samba-tool domain backup online --server=dc1 --targetdir=./  option yet. 
I've run the command on the same dc as im backing up and i did a kinit Administrator before it. 
Also tried it with -UNTDOM\\Administrator  and -Uadministrator 
All three  resulted in a good backup. 

... More logging here.....  
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
...
A Kerberos configuration suitable for Samba AD has been generated at /root/tmpvMsnbF/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Provision OK for domain DN DC=rotterdam,DC=bazuin,DC=nl
Starting replication
Using DS_BIND_GUID_W2K3
...
Cloned domain NTDOM (SID S-1-5-21-123415564-252352352)
...

Creating backup file ./samba-backup-internal.domain.tld-2019-02-28T13-51-25.864257.tar.bz2...

Our difference. 
In running backend AD, i assum you run with rid backend. 

Hmm, i have to think about this, i know there was an bugreport on the backup option.. 
I'll see if i can find it. 

@Rowland, do you know if the SID/RID of Administrator is the same on the DC's when using RID backend? 

Last @Stefan, i noticed also : IndexError 
Run on both DC's : samba-tool dbcheck --reindex
Try again. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stefan Kania via samba
> Verzonden: donderdag 28 februari 2019 13:47
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] samba-tool domain backup ERROR
> 
> 
> Hello,
> 
> we want to backup the AD-database with the samba-tool 
> backup-option. We 
> use Sernet-packages 4.9.4 we have two DCs if I do the backup 
> on the same 
> DC I got the following messages:
> -----------------
> root at dc-ste-01:~# samba-tool domain backup online --server=dc-ste-01 
> --targetdir=. -U administrator
> Password for [LF\administrator]:
> ....
> Committing SAM database
> Setting isSynchronized and dsServiceName
> Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
> ERROR(<type 'exceptions.IndexError'>): uncaught exception - 
> list index 
> out of range
>    File 
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 
> 177, in _run
>      return self.run(*args, **kwargs)
>    File 
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", 
> line 237, in run
>      new_sid = get_sid_for_restore(remote_sam)
>    File 
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", 
> line 73, in get_sid_for_restore
>      rid = int(res[0].get('rIDNextRID')[0])
> 
> -----------------
> 
> If we do it on the other DC we got the following messages:
> -----------------
> root at dc-ste-01:~# samba-tool domain backup online --server=dc-ibb-01 
> --targetdir=. -U administrator
> Password for [LF\administrator]:
> Committing SAM database
> Setting isSynchronized and dsServiceName
> Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
> ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A 
> process has requested access to an object but has not been 
> granted those 
> access rights.')
>    File 
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 
> 177, in _run
>      return self.run(*args, **kwargs)
>    File 
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", 
> line 243, in run
>      backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
>    File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", 
> line 508, in 
> backup_online
>      ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
>    File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", 
> line 331, in 
> get_acl
>      smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
> 
> -----------------
> the package "lmdb-utils" is installed on both DCs.
> 
> Any tip?
> 
> Stefan
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list