Web lists-archives.com

Re: [Samba] samba-tool domain backup ERROR




Am 28.02.2019 14:18, schrieb L.P.H. van Belle via samba:
Hmm.

Hai stefan,

I hadnt use the : samba-tool domain backup online --server=dc1
--targetdir=./  option yet.
I've run the command on the same dc as im backing up and i did a kinit
Administrator before it.
Also tried it with -UNTDOM\\Administrator  and -Uadministrator
All three  resulted in a good backup.

... More logging here.....
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness
constraint on local domainSIDs
...
A Kerberos configuration suitable for Samba AD has been generated at
/root/tmpvMsnbF/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace
it with this one. Do not create a symlink!
Provision OK for domain DN DC=rotterdam,DC=bazuin,DC=nl
Starting replication
Using DS_BIND_GUID_W2K3
...
Cloned domain NTDOM (SID S-1-5-21-123415564-252352352)
...

Creating backup file
./samba-backup-internal.domain.tld-2019-02-28T13-51-25.864257.tar.bz2...

Our difference.
In running backend AD, i assum you run with rid backend.

Hmm, i have to think about this, i know there was an bugreport on the
backup option..
I'll see if i can find it.

@Rowland, do you know if the SID/RID of Administrator is the same on
the DC's when using RID backend?

Last @Stefan, i noticed also : IndexError
Run on both DC's : samba-tool dbcheck --reindex
Try again.
I did it, but no change, still the same erorrmessages :-(


Greetz,

Louis



-----Oorspronkelijk bericht-----
Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
Stefan Kania via samba
Verzonden: donderdag 28 februari 2019 13:47
Aan: samba@xxxxxxxxxxxxxxx
Onderwerp: [Samba] samba-tool domain backup ERROR


Hello,

we want to backup the AD-database with the samba-tool
backup-option. We
use Sernet-packages 4.9.4 we have two DCs if I do the backup
on the same
DC I got the following messages:
-----------------
root@dc-ste-01:~# samba-tool domain backup online --server=dc-ste-01
--targetdir=. -U administrator
Password for [LF\administrator]:
....
Committing SAM database
Setting isSynchronized and dsServiceName
Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
ERROR(<type 'exceptions.IndexError'>): uncaught exception -
list index
out of range
   File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
177, in _run
     return self.run(*args, **kwargs)
   File
"/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
line 237, in run
     new_sid = get_sid_for_restore(remote_sam)
   File
"/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
line 73, in get_sid_for_restore
     rid = int(res[0].get('rIDNextRID')[0])

-----------------

If we do it on the other DC we got the following messages:
-----------------
root@dc-ste-01:~# samba-tool domain backup online --server=dc-ibb-01
--targetdir=. -U administrator
Password for [LF\administrator]:
Committing SAM database
Setting isSynchronized and dsServiceName
Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
process has requested access to an object but has not been
granted those
access rights.')
   File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
177, in _run
     return self.run(*args, **kwargs)
   File
"/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
line 243, in run
     backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py",
line 508, in
backup_online
     ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py",
line 331, in
get_acl
     smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)

-----------------
the package "lmdb-utils" is installed on both DCs.

Any tip?

Stefan

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba