[Samba] samba-tool domain backup ERROR
Stefan Kania
stefan at kania-online.de
Fri Mar 1 13:04:44 UTC 2019
Now I dit the following:
- create a dummy-user on both DCs (to gewt the RID-pool)
- check the sysvolacls, everything is fine no error
but the Problem is still the same.
----
ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
process has requested access to an object but has not been granted those
access rights.')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
177, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
line 243, in run
backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 508, in
backup_online
ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 331, in
get_acl
smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
----
If read the thread with the backup-problem and we came to the same point
:-( I think we wait for samba 4.10
Stefan
Am 28.02.2019 21:53, schrieb Tim Beale:
> On 1/03/19 1:46 AM, Stefan Kania via samba wrote:
>>
>> ....
>> Committing SAM database
>> Setting isSynchronized and dsServiceName
>> Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
>> ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index
>> out of range
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 177, in _run
>> return self.run(*args, **kwargs)
>> File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line
>> 237, in run
>> new_sid = get_sid_for_restore(remote_sam)
>> File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line
>> 73, in get_sid_for_restore
>> rid = int(res[0].get('rIDNextRID')[0])
>>
> So, I've seen this before when you try to back up a DC that hasn't
> initialized its RID pool yet. I thought it was just a corner-case that
> only happens if you try to backup a brand new DC. I'm guessing the same
> thing could happen though if all the RID allocations have taken place
> on
> the primary DC and you try to back up the secondary DC.
>
> Creating/deleting a temporary user on that DC should force a RID
> allocation. See:
> https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC#Troubleshooting
>
> Most likely you'll just hit the second sysvol problem though.
>
>> ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
>> process has requested access to an object but has not been granted
>> those access rights.')
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 177, in _run
>> return self.run(*args, **kwargs)
>> File
>> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line
>> 243, in run
>> backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
>> File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 508,
>> in backup_online
>> ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
>> File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 331,
>> in get_acl
>> smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
>>
> We've seen this problem once before, see thread:
> https://lists.samba.org/archive/samba/2019-January/220353.html
>
> That thread has got some tips on trying to get debug out about what
> file
> is causing the problem. Note that you need to enable the debug on the
> samba server (i.e. smbd).
>
> We need better debug in the tool itself when this happens. I'll try to
> improve it.
>
> Another work-around for this sysvol problem would be to upgrade to 4.10
> once it's released and use the new 'backup offline' option.
>
> Cheers,
> Tim
--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn
Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org
Mein Schlüssel liegt auf
hkp://subkeys.pgp.net
More information about the samba
mailing list