[Samba] Online AD Backup fails with "no auth" in 4.20?

Michael Tokarev mjt at tls.msk.ru
Fri Jun 28 05:18:15 UTC 2024

On 6/27/24 19:43, Luis Peromarta via samba wrote:
> OK apologies, looks like I jumped the gun and installed “samba-ad-dc” while my system wanted "samba-ad-provision” as per the error below.
> Maybe samba-ad-dc installs samba-ad-provision ?
>   /usr/bin/samba-tool domain backup online --targetdir=/root/samba-ad-backup-awing/ --server=awing -UAdministrator
> INFO 2024-06-27 18:35:35,593 pid:2650 /usr/lib/python3/dist-packages/samba/join.py #1637: workgroup is MAD
> INFO 2024-06-27 18:35:35,593 pid:2650 /usr/lib/python3/dist-packages/samba/join.py #1640: realm is mad.caponato.es
> Calling bare provision
> INFO 2024-06-27 18:35:35,606 pid:2650 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2110: Looking up IPv4 addresses
> INFO 2024-06-27 18:35:35,607 pid:2650 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2127: Looking up IPv6 addresses
> WARNING 2024-06-27 18:35:35,607 pid:2650 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2134: No IPv6 address will be assigned
> ERROR(exception): uncaught exception - File [/usr/share/samba/setup/ad-schema/AD_DS_Attributes_Windows_Server_v1903.ldf] not found. Please install samba-ad-provision package

Hmm.  Why it needs the ldif for `domain backup online' ?

The package split in debian is my best-effort to determine what is what.
But now I see it wants more seemingly-unrelated files for other parts.
On the other hand, reportedly, samba-ad-provision should not ship many
files used testsuite only.

It would be very helpful to have some list here.  Or maybe we should
tweak python sources to not load things which aren't actually needed
(if the're not needed ofc).

Obviously I don't want this sort of things to happen.  samba-ad-provision
package is recommended by samba-ad-dc, but not by samba package nor by
python3-samba (where samba-tool lives now).  I *hoped* it isn't needed
for a regular file server.  On the other hand, the .ldif files is the
bulk of samba-ad-provision, this was one of the main reasons I split
it out.

Sigh.  Suggestions welcome.



GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24.
New key: rsa4096/61AD3D98ECDF2C8E  9D8B E14E 3F2A 9DD7 9199  28F1 61AD 3D98 ECDF 2C8E
Old key: rsa2048/457CE0A0804465C5  6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt

More information about the samba mailing list