[Samba] samba-tool domain backup ERROR

Fri Mar 1 13:04:44 UTC 2019

Now I dit the following:
- create a dummy-user on both DCs (to gewt the RID-pool)
- check the sysvolacls, everything is fine no error
but the Problem is still the same.

----
ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A 
process has requested access to an object but has not been granted those 
access rights.')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 
177, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", 
line 243, in run
     backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 508, in 
backup_online
     ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 331, in 
get_acl
     smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
----
If read the thread with the backup-problem and we came to the same point 
:-( I think we wait for samba 4.10
Stefan

Am 28.02.2019 21:53, schrieb Tim Beale:
> On 1/03/19 1:46 AM, Stefan Kania via samba wrote:
>> 
>> ....
>> Committing SAM database
>> Setting isSynchronized and dsServiceName
>> Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
>> ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index
>> out of range
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 177, in _run
>>     return self.run(*args, **kwargs)
>>   File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line
>> 237, in run
>>     new_sid = get_sid_for_restore(remote_sam)
>>   File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line
>> 73, in get_sid_for_restore
>>     rid = int(res[0].get('rIDNextRID')[0])
>> 
> So, I've seen this before when you try to back up a DC that hasn't
> initialized its RID pool yet. I thought it was just a corner-case that
> only happens if you try to backup a brand new DC. I'm guessing the same
> thing could happen though if all the RID allocations have taken place 
> on
> the primary DC and you try to back up the secondary DC.
> 
> Creating/deleting a temporary user on that DC should force a RID
> allocation. See:
> https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC#Troubleshooting
> 
> Most likely you'll just hit the second sysvol problem though.
> 
>> ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
>> process has requested access to an object but has not been granted
>> those access rights.')
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 177, in _run
>>     return self.run(*args, **kwargs)
>>   File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line
>> 243, in run
>>     backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
>>   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 508,
>> in backup_online
>>     ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
>>   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 331,
>> in get_acl
>>     smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
>> 
> We've seen this problem once before, see thread:
> https://lists.samba.org/archive/samba/2019-January/220353.html
> 
> That thread has got some tips on trying to get debug out about what 
> file
> is causing the problem. Note that you need to enable the debug on the
> samba server (i.e. smbd).
> 
> We need better debug in the tool itself when this happens. I'll try to
> improve it.
> 
> Another work-around for this sysvol problem would be to upgrade to 4.10
> once it's released and use the new 'backup offline' option.
> 
> Cheers,
> Tim

-- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn

Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre 
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net