[Samba] Samba, Time Machine, and ADS

[Johan Hattne]

Dear all;

I’m running smbd 4.9.5-Debian and I’m struggling to get Time Machine support to work.  The server is running Debian Buster, and the client is macOS High Sierra.  I can mount the share just fine on its own, but as soon as I tell Time Machine to “Back Up Now”, it says “Preparing Backup,“ “Looking for Backup Disk,” and then nothing.  The little red exclamation mark tells me that "The network backup disk could not be accessed because there was a problem with the network username or password.”

I’ve been tailing the logs but nothing sticks out to my untrained eyes, except that nowhere does there seem to be any indication of the identity of the authenticating user—thus my suspicion that AD is somehow involved.  What I do get is this:

[2019/09/04 16:16:27.522157,  5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2019/09/04 16:16:27.522173,  5] ../source3/auth/token_util.c:866(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2019/09/04 16:16:27.522201,  5] ../source3/smbd/uid.c:509(smbd_change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2019/09/04 16:16:27.522365,  3] ../source3/smbd/server_exit.c:237(exit_server_common)
  Server exit (NT_STATUS_END_OF_FILE)

And this is the full smb.conf:

[global]
	client signing = mandatory
	server signing = mandatory
	kerberos method = secrets and keytab
	load printers = no
	realm = AD.EXAMPLE.COM
	security = ADS
	workgroup = AD
	idmap config *:backend = tdb2
	idmap config *:range = 1000-9999
	idmap config AD:backend = ad
	idmap config AD:range = 10000-9999999999
	log file = /var/log/samba/log.%m
	max log size = 1000
	log level = 5
	netbios name = MYHOST
	server string = Samba %v (%h)
	vfs objects = catia fruit streams_xattr
	fruit:time machine = yes
	fruit:time machine max size = 1024G
[TimeMachineBackup]
	writeable = yes
	browsable = yes
	path = /var/timemachine

Cluebat, anyone?

// Best wishes; Johan