[Samba] Online AD Backup fails with "no auth" in 4.20?
Matthias Kühne | Ellerhold Aktiengesellschaft
matthias.kuehne at ellerhold.de
Thu Jun 27 11:57:16 UTC 2024
Hallo lovely samba-people,
did something change in regards to the online AD Backup in 4.20?
We're using this CLI command to create a backup of our domain:
/usr/bin/samba-tool domain backup online --targetdir="/my/path"
--server="rad-2.ad.ellerhold.lan"
--use-krb5-ccache="/opt/samba-ad-backup/ad-backup.krb5cc" -N
This ran successfully on a member server without a problem. klist shows
a valid ticket:
# klist -c /opt/samba-ad-backup/ad-backup.krb5cc
Ticket cache: FILE:/opt/samba-ad-backup/ad-backup.krb5cc
Default principal: ad-backup at AD.ELLERHOLD.LAN
Valid starting Expires Service principal
27/06/24 11:28:22 27/06/24 21:28:22
krbtgt/AD.ELLERHOLD.LAN at AD.ELLERHOLD.LAN
renew until 28/06/24 11:28:22
After upgrading to 4.20 this results in the error message: ERROR(<class
'samba.join.DCJoinException'>): uncaught exception - Can't join, error:
00002020: Operation unavailable without authentication
Even this doesnt work:
/usr/bin/samba-tool domain backup online --targetdir="/my/path"
--server="dc1.example.org" -U Administrator
Same error message on a member server. Running this on a DC prompts me
for the password correctly. Running this on a 4.19 member server
correctly prompts me for the password too.
I even copied an smb.conf from a DC and added
--configfile=/path/to/dc-smb.conf . Same error...
Can someone point me in the right directory to make this work again on a
4.20 member server?
Environment: Samba 4.20.2 in Debian 12 (mjts Repository).
Thanks for your help and have a nice day.
--
Senior Webentwickler
Datenschutzbeauftragter
Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul
Telefon: +49 (0) 351 83933-61
Web: www.ellerhold.de
Facebook: www.facebook.com/ellerhold.gruppe
Instagram: www.instagram.com/ellerhold.gruppe
LinkedIn: www.linkedin.com/company/ellerhold-gruppe
Amtsgericht Dresden / HRB 23769
Vorstand: Stephan Ellerhold, Maximilian Ellerhold
Vorsitzender des Aufsichtsrates: Frank Ellerhold
---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges löschen dieser E-Mail und der Anlagen.
Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/
This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments.
You can find our privacy policy here: http://www.ellerhold.de/datenschutz/
More information about the samba
mailing list