
Re: [Samba] samba-tool domain backup ERROR




Now I did the following:
- create a dummy-user on both DCs (to get the RID-pool)
- check the sysvolacls, everything is fine no error
but the problem is still the same.

----
ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
    return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line 243, in run
    backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 508, in backup_online
    ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 331, in get_acl
    smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)
----
I read the thread about the backup problem and we came to the same point :-( I think we will wait for Samba 4.10.
Stefan

On 28.02.2019 21:53, Tim Beale wrote:
On 1/03/19 1:46 AM, Stefan Kania via samba wrote:

....
Committing SAM database
Setting isSynchronized and dsServiceName
Cloned domain LF (SID S-1-5-21-2842440679-1648109622-3732055899)
ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index out of range
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line 237, in run
    new_sid = get_sid_for_restore(remote_sam)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line 73, in get_sid_for_restore
    rid = int(res[0].get('rIDNextRID')[0])

So, I've seen this before when you try to back up a DC that hasn't
initialized its RID pool yet. I thought it was just a corner-case that
only happens if you try to backup a brand new DC. I'm guessing the same
thing could happen though if all the RID allocations have taken place on
the primary DC and you try to back up the secondary DC.

Creating/deleting a temporary user on that DC should force a RID
allocation. See:
https://wiki.samba.org/index.php/Back_up_and_Restoring_a_Samba_AD_DC#Troubleshooting

Most likely you'll just hit the second sysvol problem though.

ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line 243, in run
    backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 508, in backup_online
    ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 331, in get_acl
    smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)

We've seen this problem once before, see thread:
https://lists.samba.org/archive/samba/2019-January/220353.html

That thread has got some tips on trying to get debug out about what file
is causing the problem. Note that you need to enable the debug on the
samba server (i.e. smbd).

We need better debug in the tool itself when this happens. I'll try to
improve it.

Another work-around for this sysvol problem would be to upgrade to 4.10
once it's released and use the new 'backup offline' option.

Cheers,
Tim

--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signing every e-mail helps to reduce spam. Sign your e-mail. More information at http://www.gnupg.org

My key is available at

hkp://subkeys.pgp.net

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
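
Added example, not part of the original messages and not Samba's own code: a pre-check for the first failure in the quoted reply, where the backup tool's rIDNextRID lookup ends in an IndexError on a DC that has no RID pool yet. It assumes LDIF text such as ldbsearch prints for the DC's "CN=RID Set" object; the function names, the exception class and the sample records (domain example.net, host DC2) are constructed for illustration.

```python
# Added example: confirm a DC's RID Set carries rIDNextRID before an online
# backup is attempted. All sample LDIF below is constructed, not real output.


class RidPoolNotInitialised(Exception):
    """No record in the input carries an rIDNextRID value."""


def parse_ldif_records(ldif_text):
    """Split LDIF text into a list of {lowercased attribute: [values]} dicts."""
    records, current = [], {}
    for line in ldif_text.splitlines() + [""]:
        line = line.rstrip()
        if not line:                         # a blank line closes a record
            if "dn" in current:
                records.append(current)
            current = {}
        elif not line.startswith("#") and ": " in line:
            attr, value = line.split(": ", 1)
            current.setdefault(attr.lower(), []).append(value)
    return records


def rid_state(ldif_text):
    """Return (next_rid, pool_start, pool_end), or raise a clear error."""
    for rec in parse_ldif_records(ldif_text):
        if "ridnextrid" not in rec:
            continue
        pool = int(rec.get("ridallocationpool", ["0"])[0])
        # rIDAllocationPool packs the range: low 32 bits start, high 32 end.
        return int(rec["ridnextrid"][0]), pool & 0xFFFFFFFF, pool >> 32
    raise RidPoolNotInitialised(
        "no rIDNextRID found for this DC; create and delete a temporary "
        "user on it to force a RID allocation, then retry the backup")


# Constructed sample: a DC that has been allocated the RID range 1100-1599.
SAMPLE_INITIALISED = (
    "# record 1\n"
    "dn: CN=RID Set,CN=DC2,OU=Domain Controllers,DC=example,DC=net\n"
    f"rIDAllocationPool: {(1599 << 32) | 1100}\n"
    "rIDNextRID: 1104\n\n"
    "# returned 1 records\n")

# Constructed sample: the RID Set object exists but nothing was allocated yet.
SAMPLE_UNINITIALISED = (
    "# record 1\n"
    "dn: CN=RID Set,CN=DC2,OU=Domain Controllers,DC=example,DC=net\n"
    "objectClass: rIDSet\n\n"
    "# returned 1 records\n")
```

Folded or base64-encoded LDIF lines are ignored by this parser, which is enough for the integer attributes it reads.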