[Samba] Online AD Backup fails with "no auth" in 4.20?

Matthias Kühne | Ellerhold Aktiengesellschaft matthias.kuehne at ellerhold.de
Thu Jun 27 11:57:16 UTC 2024 

Hallo lovely samba-people,

did something change in regards to the online AD Backup in 4.20?

We're using this CLI command to create a backup of our domain:

     /usr/bin/samba-tool domain backup online --targetdir="/my/path" 
--server="rad-2.ad.ellerhold.lan" 
--use-krb5-ccache="/opt/samba-ad-backup/ad-backup.krb5cc" -N

This ran successfully on a member server without a problem. klist shows 
a valid ticket:

# klist -c /opt/samba-ad-backup/ad-backup.krb5cc
Ticket cache: FILE:/opt/samba-ad-backup/ad-backup.krb5cc
Default principal: ad-backup at AD.ELLERHOLD.LAN

Valid starting     Expires            Service principal
27/06/24 11:28:22  27/06/24 21:28:22 
krbtgt/AD.ELLERHOLD.LAN at AD.ELLERHOLD.LAN
     renew until 28/06/24 11:28:22


After upgrading to 4.20 this results in the error message: ERROR(<class 
'samba.join.DCJoinException'>): uncaught exception - Can't join, error: 
00002020: Operation unavailable without authentication

Even this doesnt work:

   /usr/bin/samba-tool domain backup online --targetdir="/my/path" 
--server="dc1.example.org" -U Administrator

Same error message on a member server. Running this on a DC prompts me 
for the password correctly. Running this on a 4.19 member server 
correctly prompts me for the password too.

I even copied an smb.conf from a DC and added 
--configfile=/path/to/dc-smb.conf . Same error...

Can someone point me in the right directory to make this work again on a 
4.20 member server?

Environment: Samba 4.20.2 in Debian 12 (mjts Repository).

Thanks for your help and have a nice day.

-- 
Senior Webentwickler
Datenschutzbeauftragter

Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul

Telefon: +49 (0) 351 83933-61
Web: www.ellerhold.de
Facebook: www.facebook.com/ellerhold.gruppe
Instagram: www.instagram.com/ellerhold.gruppe
LinkedIn: www.linkedin.com/company/ellerhold-gruppe

Amtsgericht Dresden / HRB 23769
Vorstand: Stephan Ellerhold, Maximilian Ellerhold
Vorsitzender des Aufsichtsrates: Frank Ellerhold



---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges löschen dieser E-Mail und der Anlagen.

Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/

This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments.

You can find our privacy policy here: http://www.ellerhold.de/datenschutz/

More information about the samba mailing list