[Samba] samba-tool domain backup ERROR
Stefan Kania
stefan at kania-online.de
Thu Feb 28 13:32:42 UTC 2019
Am 28.02.2019 14:18, schrieb L.P.H. van Belle via samba:
> Hmm.
>
> Hai stefan,
>
> I hadnt use the : samba-tool domain backup online --server=dc1
> --targetdir=./ option yet.
> I've run the command on the same dc as im backing up and i did a kinit
> Administrator before it.
> Also tried it with -UNTDOM\\Administrator and -Uadministrator
> All three resulted in a good backup.
>
> ... More logging here.....
> Pre-loading the Samba 4 and AD schema
> Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
> ...
> A Kerberos configuration suitable for Samba AD has been generated at
> /root/tmpvMsnbF/private/krb5.conf
> Merge the contents of this file with your system krb5.conf or replace
> it with this one. Do not create a symlink!
> Provision OK for domain DN DC=rotterdam,DC=bazuin,DC=nl
> Starting replication
> Using DS_BIND_GUID_W2K3
> ...
> Cloned domain NTDOM (SID S-1-5-21-123415564-252352352)
> ...
>
> Creating backup file
> ./samba-backup-internal.domain.tld-2019-02-28T13-51-25.864257.tar.bz2...
>
> Our difference.
> In running backend AD, i assum you run with rid backend.
>
> Hmm, i have to think about this, i know there was an bugreport on the
> backup option..
> I'll see if i can find it.
>
> @Rowland, do you know if the SID/RID of Administrator is the same on
> the DC's when using RID backend?
>
> Last @Stefan, i noticed also : IndexError
> Run on both DC's : samba-tool dbcheck --reindex
> Try again.
I did it, but no change, still the same erorrmessages :-(
>
>
> Greetz,
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Stefan Kania via samba
>> Verzonden: donderdag 28 februari 2019 13:47
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] samba-tool domain backup ERROR
>>
>>
>> Hello,
>>
>> we want to backup the AD-database with the samba-tool
>> backup-option. We
>> use Sernet-packages 4.9.4 we have two DCs if I do the backup
>> on the same
>> DC I got the following messages:
>> -----------------
>> root at dc-ste-01:~# samba-tool domain backup online --server=dc-ste-01
>> --targetdir=. -U administrator
>> Password for [LF\administrator]:
>> ....
>> Committing SAM database
>> Setting isSynchronized and dsServiceName
>> Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
>> ERROR(<type 'exceptions.IndexError'>): uncaught exception -
>> list index
>> out of range
>> File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>> 177, in _run
>> return self.run(*args, **kwargs)
>> File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
>> line 237, in run
>> new_sid = get_sid_for_restore(remote_sam)
>> File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
>> line 73, in get_sid_for_restore
>> rid = int(res[0].get('rIDNextRID')[0])
>>
>> -----------------
>>
>> If we do it on the other DC we got the following messages:
>> -----------------
>> root at dc-ste-01:~# samba-tool domain backup online --server=dc-ibb-01
>> --targetdir=. -U administrator
>> Password for [LF\administrator]:
>> Committing SAM database
>> Setting isSynchronized and dsServiceName
>> Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
>> ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
>> process has requested access to an object but has not been
>> granted those
>> access rights.')
>> File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>> 177, in _run
>> return self.run(*args, **kwargs)
>> File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
>> line 243, in run
>> backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
>> File "/usr/lib/python2.7/dist-packages/samba/ntacls.py",
>> line 508, in
>> backup_online
>> ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
>> File "/usr/lib/python2.7/dist-packages/samba/ntacls.py",
>> line 331, in
>> get_acl
>> smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
>>
>> -----------------
>> the package "lmdb-utils" is installed on both DCs.
>>
>> Any tip?
>>
>> Stefan
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org
Mein Schlüssel liegt auf
hkp://subkeys.pgp.net
More information about the samba
mailing list