[Samba] Online AD Backup fails with "no auth" in 4.20?
Rowland Penny
rpenny at samba.org
Thu Jun 27 14:24:52 UTC 2024
On Thu, 27 Jun 2024 13:57:16 +0200
Matthias Kühne | Ellerhold Aktiengesellschaft via samba
<samba at lists.samba.org> wrote:
> Hallo lovely samba-people,
>
> did something change in regards to the online AD Backup in 4.20?
>
> We're using this CLI command to create a backup of our domain:
>
> /usr/bin/samba-tool domain backup online --targetdir="/my/path"
> --server="rad-2.ad.ellerhold.lan"
> --use-krb5-ccache="/opt/samba-ad-backup/ad-backup.krb5cc" -N
>
> This ran successfully on a member server without a problem. klist
> shows a valid ticket:
>
> # klist -c /opt/samba-ad-backup/ad-backup.krb5cc
> Ticket cache: FILE:/opt/samba-ad-backup/ad-backup.krb5cc
> Default principal: ad-backup at AD.ELLERHOLD.LAN
>
> Valid starting Expires Service principal
> 27/06/24 11:28:22 27/06/24 21:28:22
> krbtgt/AD.ELLERHOLD.LAN at AD.ELLERHOLD.LAN
> renew until 28/06/24 11:28:22
>
>
> After upgrading to 4.20 this results in the error message:
> ERROR(<class 'samba.join.DCJoinException'>): uncaught exception -
> Can't join, error: 00002020: Operation unavailable without
> authentication
>
> Even this doesnt work:
>
> /usr/bin/samba-tool domain backup online --targetdir="/my/path"
> --server="dc1.example.org" -U Administrator
>
> Same error message on a member server. Running this on a DC prompts
> me for the password correctly. Running this on a 4.19 member server
> correctly prompts me for the password too.
>
> I even copied an smb.conf from a DC and added
> --configfile=/path/to/dc-smb.conf . Same error...
>
> Can someone point me in the right directory to make this work again
> on a 4.20 member server?
>
> Environment: Samba 4.20.2 in Debian 12 (mjts Repository).
>
> Thanks for your help and have a nice day.
>
I have a script on a Unix domain member that is run every hour by cron,
it has run for months and is still working. the actual samba-tool line
is this:
samba-tool domain backup online --server="$PDCe"
--targetdir="${STOREDIR}" --krb5-ccache=/tmp/backup_cc -N
My Samba version is 4.20.1
Rowland
More information about the samba
mailing list