Web lists-archives.com

Re: [Samba] samba-tool domain backup ERROR




On 1/03/19 1:46 AM, Stefan Kania via samba wrote:
>
> ....
> Committing SAM database
> Setting isSynchronized and dsServiceName
> Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
> ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index
> out of range
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 177, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line
> 237, in run
>     new_sid = get_sid_for_restore(remote_sam)
>   File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line
> 73, in get_sid_for_restore
>     rid = int(res[0].get('rIDNextRID')[0])
>
So, I've seen this before when you try to back up a DC that hasn't
initialized its RID pool yet. I thought it was just a corner-case that
only happens if you try to backup a brand new DC. I'm guessing the same
thing could happen though if all the RID allocations have taken place on
the primary DC and you try to back up the secondary DC.

Creating/deleting a temporary user on that DC should force a RID
allocation. See:
https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC#Troubleshooting

Most likely you'll just hit the second sysvol problem though.

> ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A
> process has requested access to an object but has not been granted
> those access rights.')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 177, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line
> 243, in run
>     backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
>   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 508,
> in backup_online
>     ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
>   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 331,
> in get_acl
>     smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
>
We've seen this problem once before, see thread:
https://lists.samba.org/archive/samba/2019-January/220353.html

That thread has got some tips on trying to get debug out about what file
is causing the problem. Note that you need to enable the debug on the
samba server (i.e. smbd).

We need better debug in the tool itself when this happens. I'll try to
improve it.

Another work-around for this sysvol problem would be to upgrade to 4.10
once it's released and use the new 'backup offline' option.

Cheers,
Tim

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba