[Samba] sambatool online backups
jonathon.reinhart at gmail.com
Fri Feb 25 21:50:49 UTC 2022
On Fri, Feb 25, 2022 at 4:23 PM Matt Ivie via samba
<samba at lists.samba.org> wrote:
> On Tue, 2021-11-02 at 20:19 +0000, Rowland Penny via samba wrote:
> > On Tue, 2021-11-02 at 12:48 -0700, Matt Ivie wrote:
> > > Thanks for the quick response.
> > >
> > > The reason I proposed that is that I can have bareos run a command
> > > to
> > > stop my DC, backup the dir, then restart it. Primarily for system
> > > failure restorations.
> > Please do not do that, it 'might' work if you have only one DC, but
> > if
> > you have more than one DC (which is highly recommended), it will lead
> > to problems.
> > > > What is the actual command you ran ?
> > > >
> > > samba-tool domain backup online --targetdir=smb-ad-online-backup --
> > > server=Harveydc0 -UAdministrator
> > I run the command in a script which is run by cron every hour (you
> > could run it more often, depends how often your AD changes) and it
> > similar to your command, except that I use kerberos authentication.
> > As I said, it works for myself, but I use a much later version of
> > Samba.
> > Rowland
> I found a short term solution to this problem until I'm able to upgrade
> to a later version of Samba. The full details can be found at
> I followed this advice:
> All what to do is to replace the line 51
> with "security.SEC_STD_READ_CONTROL" in
> I know that the best option is to upgrade Samba to a later and
> supported version, but for anyone that is on Debian Buster and using
> the packaged version of Samba I hope this helps them out.
I can confirm that this is the patch I have on my Samba 4.9.5-debian
DCs as well:
@@ -48,7 +48,7 @@
# SEC_FLAG_SYSTEM_SECURITY is required otherwise get Access Denied
SECURITY_SEC_FLAGS = security.SEC_FLAG_SYSTEM_SECURITY | \
More information about the samba