[Pkg-samba-maint] Bug#953918: "samba-tool domain backup online" crashes with an error message

bauer.sascha at a1.net bauer.sascha at a1.net
Sat Mar 14 18:27:50 GMT 2020

Package: python-samba
Version: 2:4.9.5+dfsg-5+deb10u1
Severity: important
Tags: patch, buster

When I invoke an online-backup from a samba ad-domain using "samba-tool
domain backup", samba-tool crashes with an error message.

root at dc1:/tmp/bak# samba-tool domain backup online --targetdir=./
--server=dc1.samdom.example.com -UAdministrator
ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A process
has requested access to an object but has not been granted those access
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
177, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py",
line 243, in run
    backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 499, in
    ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 322, in

The reason is a bug in "/usr/lib/python2.7/dist-packages/samba/ntacls.py".
The bug is already solved in later version of samba, see this link:
But the bug could also be backported to samba 4.9, which is included in
Debian buster.
All what to do is to replace the line 51 "security.SEC_FLAG_MAXIMUM_ALLOWED"
with "security.SEC_STD_READ_CONTROL" in

I am using Debian GNU/Linux 10 (buster) , kernel 4.19.0-8-amd64 #1 SMP
Debian 4.19.98-1 (2020-01-26) x86_64 GNU/Linux and libc-2.28-10.

More information about the Pkg-samba-maint mailing list