Bug 13917 - samba-tool domain backup online doesn't work against Windows
Summary: samba-tool domain backup online doesn't work against Windows
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.10.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-04-26 15:13 UTC by Stefan Metzmacher
Modified: 2019-06-20 09:42 UTC (History)
1 user (show)

See Also:

Attachments
patch backported from master (1.31 KB, patch)
2019-05-31 07:23 UTC, Andrew Bartlett 		metze: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2019-04-26 15:13:50 UTC 
We only need security.SEC_STD_READ_CONTROL in order to get the ACL.

We should avoid security.SEC_FLAG_MAXIMUM_ALLOWED otherwise
we may get NT_STATUS_SHARING_VIOLATION when we run
'samba-tool domain backup online' against a Windows DC.
Windows DCs have hidden folders for the NtFrs or Dfsr services,
which are locked by the running service.
Comment 1 Andrew Bartlett 2019-05-31 06:43:37 UTC 
Fixed in master with 15032ec6df1abbb53f1b1d5377aab369f83ae707 for Samba 4.11

Leaving open for a backport to 4.10
Comment 2 Andrew Bartlett 2019-05-31 07:23:34 UTC 
Created attachment 15211 [details]
patch backported from master
Comment 3 Stefan Metzmacher 2019-05-31 07:44:29 UTC 
Comment on attachment 15211 [details]
patch backported from master

This is for 4.9 and 4.10
Comment 4 Karolin Seeger 2019-06-04 09:15:37 UTC 
Pushed to autobuild-v4-{10,9}-test.
Comment 5 Karolin Seeger 2019-06-20 09:42:38 UTC 
(In reply to Karolin Seeger from comment #4)
Pushed to both branches.
Closing out bug report.

Thanks!