[Samba] samba-tool domain backup ERROR

Stefan Kania stefan at kania-online.de
Thu Feb 28 13:32:42 UTC 2019


Am 28.02.2019 14:18, schrieb L.P.H. van Belle via samba:
> Hmm.
> 
> Hai stefan,
> 
> I hadnt use the : samba-tool domain backup online --server=dc1
> --targetdir=./  option yet.
> I've run the command on the same dc as im backing up and i did a kinit
> Administrator before it.
> Also tried it with -UNTDOM\\Administrator  and -Uadministrator
> All three  resulted in a good backup.
> 
> ... More logging here.....
> Pre-loading the Samba 4 and AD schema
> Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
> ...
> A Kerberos configuration suitable for Samba AD has been generated at
> /root/tmpvMsnbF/private/krb5.conf
> Merge the contents of this file with your system krb5.conf or replace
> it with this one. Do not create a symlink!
> Provision OK for domain DN DC=rotterdam,DC=bazuin,DC=nl
> Starting replication
> Using DS_BIND_GUID_W2K3
> ...
> Cloned domain NTDOM (SID S-1-5-21-123415564-252352352)
> ...
> 
> Creating backup file
> ./samba-backup-internal.domain.tld-2019-02-28T13-51-25.864257.tar.bz2...
> 
> Our difference.
> In running backend AD, i assum you run with rid backend.
> 
> Hmm, i have to think about this, i know there was an bugreport on the
> backup option..
> I'll see if i can find it.
> 
> @Rowland, do you know if the SID/RID of Administrator is the same on
> the DC's when using RID backend?
> 
> Last @Stefan, i noticed also : IndexError
> Run on both DC's : samba-tool dbcheck --reindex
> Try again.
I did it, but no change, still the same erorrmessages :-(
> 
> 
> Greetz,
> 
> Louis
> 
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Stefan Kania via samba
>> Verzonden: donderdag 28 februari 2019 13:47
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] samba-tool domain backup ERROR
>> 
>> 
>> Hello,
>> 
>> we want to backup the AD-database with the samba-tool
>> backup-option. We
>> use Sernet-packages 4.9.4 we have two DCs if I do the backup
>> on the same
>> DC I got the following messages:
>> -----------------
>> root at dc-ste-01:~# samba-tool domain backup online --server=dc-ste-01
>> --targetdir=. -U administrator
>> Password for [LF\administrator]:
>> ....
>> Committing SAM database
>> Setting isSynchronized and dsServiceName
>> Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
>> ERROR(<type 'exceptions.IndexError'>): uncaught exception -
>> list index
>> out of range
>>    File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>> 177, in _run
>>      return self.run(*args, **kwargs)
>>    File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
>> line 237, in run
>>      new_sid = get_sid_for_restore(remote_sam)
>>    File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
>> line 73, in get_sid_for_restore
>>      rid = int(res[0].get('rIDNextRID')[0])
>> 
>> -----------------
>> 
>> If we do it on the other DC we got the following messages:
>> -----------------
>> root at dc-ste-01:~# samba-tool domain backup online --server=dc-ibb-01
>> --targetdir=. -U administrator
>> Password for [LF\administrator]:
>> Committing SAM database
>> Setting isSynchronized and dsServiceName
>> Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
>> ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
>> process has requested access to an object but has not been
>> granted those
>> access rights.')
>>    File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>> 177, in _run
>>      return self.run(*args, **kwargs)
>>    File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
>> line 243, in run
>>      backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
>>    File "/usr/lib/python2.7/dist-packages/samba/ntacls.py",
>> line 508, in
>> backup_online
>>      ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
>>    File "/usr/lib/python2.7/dist-packages/samba/ntacls.py",
>> line 331, in
>> get_acl
>>      smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
>> 
>> -----------------
>> the package "lmdb-utils" is installed on both DCs.
>> 
>> Any tip?
>> 
>> Stefan
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>> 
>> 

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre 
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schl├╝ssel liegt auf

hkp://subkeys.pgp.net



More information about the samba mailing list