[Samba] sambatool online backups

[Rowland Penny]

On Tue, 2021-11-02 at 12:00 -0700, Matt Ivie via samba wrote:
> I'm running samba 4.9.5 on Debian Buster and trying to use samba-tool
> to do an online backup of the domain. I'm not having very good luck.

I would suggest you upgrade Samba, there have been quite a few updates
to the online backup tool since 4.9.5

> I'm running into an error which has been on this mailing list
> previously.
> 
> Here is the error:
> 
> Cloned domain ------ (SID S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx)
> ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
> process has requested access to an object but has not been granted
> those access
> rights.')                                                    
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 177, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-
> packages/samba/netcmd/domain_backup.py", line 243, in run
>     backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
>   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 499,
> in
> backup_online
>     ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
>   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 322,
> in
> get_acl
>     smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
> 
> The solution given in those threads was to do an offline backup using
> samba 4.10. I will likely upgrade to samba 4.10 at some point in the
> future but not at the moment. My question is whether anyone has come
> up
> with a way to resolve this issue, or if there is a different way I
> can
> backup.

It works for myself (on a later Samba version).

> 
> Shouldn't I be able to shut down my samba service and make a full
> backup of the /var/run/samba directory?

No, do not do that, you backup the domain, not the DC and that will
backup the DC.

What is the actual command you ran ?

Rowland