Bug 13917 - samba-tool domain backup online doesn't work against Windows
Summary: samba-tool domain backup online doesn't work against Windows
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.10.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2019-04-26 15:13 UTC by Stefan Metzmacher
Modified: 2019-06-20 09:42 UTC (History)
1 user (show)

See Also:

patch backported from master (1.31 KB, patch)
2019-05-31 07:23 UTC, Andrew Bartlett
metze: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2019-04-26 15:13:50 UTC
We only need security.SEC_STD_READ_CONTROL in order to get the ACL.

We should avoid security.SEC_FLAG_MAXIMUM_ALLOWED otherwise
we may get NT_STATUS_SHARING_VIOLATION when we run
'samba-tool domain backup online' against a Windows DC.
Windows DCs have hidden folders for the NtFrs or Dfsr services,
which are locked by the running service.
Comment 1 Andrew Bartlett 2019-05-31 06:43:37 UTC
Fixed in master with 15032ec6df1abbb53f1b1d5377aab369f83ae707 for Samba 4.11

Leaving open for a backport to 4.10
Comment 2 Andrew Bartlett 2019-05-31 07:23:34 UTC
Created attachment 15211 [details]
patch backported from master
Comment 3 Stefan Metzmacher 2019-05-31 07:44:29 UTC
Comment on attachment 15211 [details]
patch backported from master

This is for 4.9 and 4.10
Comment 4 Karolin Seeger 2019-06-04 09:15:37 UTC
Pushed to autobuild-v4-{10,9}-test.
Comment 5 Karolin Seeger 2019-06-20 09:42:38 UTC
(In reply to Karolin Seeger from comment #4)
Pushed to both branches.
Closing out bug report.