ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A process has requested access to an object but has not been granted those access rights.') The issue was due to ACL rights on a sysvol object. Running samba-tool sysvolreset did not resolve the issue. Deleting the GPO allowed for the online backup to succeed without error. More details: https://lists.samba.org/archive/samba/2019-January/220361.html https://lists.samba.org/archive/samba/2019-April/222417.html The backup tool should really be updated to clearly log what sysvol file is causing it problems.
(In reply to David Mulder from comment #0) Hello david, I believe by default dacl set on sysvol/policies are SEC_ACE_TYPE_ACCESS_ALLOWED and does not gives error on 'online backup'. On freshly installed samba DC. # samba-tool domain backup online --server=sambadom.amitexample.com --targetdir=/root -U Administrator .. INFO 2019-08-31 07:48:26,327 pid:2300 /usr/lib64/python3.7/site-packages/samba/netcmd/domain_backup.py #124: Creating backup file /root/samba-backup-samdom.amitexample.com-2019-08-31T07-48-26.219642.tar.bz2... # so, did you set ACL on sysvol/policy/<> using # samba-tool ntacl set <> If yes, can you please provide command so that I can reproduce locally?
See commit 4be5ffdca62 to master. This was probably related to https://bugzilla.samba.org/show_bug.cgi?id=13917 but we needed better error handling anyway. Sorry it took a while for me to respond here, I've been on leave.