[Samba] Samba, Time Machine, and ADS

Johan Hattne johan at hattne.se
Thu Sep 5 17:57:49 UTC 2019 

Thanks a lot, Rowland and Louis!  After installing packages from Louis’s repository, Time Machine is now backing up.

It is however not clear to me how Time Machine is enabled at compile time.  Diffing the smdb -b output between the stock smbd in Debian Buster and Louis’s, I see that Louis’s has e.g. WITH_ADS and WITH_SPOTLIGHT, but is that really it?  If I’m to leave a feature request with the Debian samba maintainers, I’m not sure what to ask for.

The idmapping backend setting was an oversight, originating from a CTDB setup—thanks for catching that, Rowland.  uid and gid ranges were fine all along.

// Best wishes; Johan

> On Sep 5, 2019, at 00:51, L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
> 
> TimeMachine is NOT enabled in the official debian packages. 
> 
> If you want time machine, report it at debian as bug/request if you want this enabled, and untill then, 
> You can use my packages, where timemachine is enabled. 
> 
> Or rebuild the the debian packages your self and enable it, that part only is very easy. 
> 
> + what Rowland told you. ;-) 
> 
> Greetz, 
> 
> Louis
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
>> Rowland penny via samba
>> Verzonden: donderdag 5 september 2019 9:33
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Samba, Time Machine, and ADS
>> 
>> On 05/09/2019 00:25, Johan Hattne via samba wrote:
>>> Dear all;
>>> 
>>> I?m running smbd 4.9.5-Debian and I?m struggling to get 
>> Time Machine support to work.  The server is running Debian 
>> Buster, and the client is macOS High Sierra.  I can mount the 
>> share just fine on its own, but as soon as I tell Time 
>> Machine to ?Back Up Now?, it says ?Preparing Backup,? 
>> ?Looking for Backup Disk,? and then nothing.  The little red 
>> exclamation mark tells me that "The network backup disk could 
>> not be accessed because there was a problem with the network 
>> username or password.?
>>> 
>>> I?ve been tailing the logs but nothing sticks out to my 
>> untrained eyes, except that nowhere does there seem to be any 
>> indication of the identity of the authenticating user?thus my 
>> suspicion that AD is somehow involved.  What I do get is this:
>>> 
>>> [2019/09/04 16:16:27.522157,  5] 
>> ../libcli/security/security_token.c:53(security_token_debug)
>>>   Security token: (NULL)
>>> [2019/09/04 16:16:27.522173,  5] 
>> ../source3/auth/token_util.c:866(debug_unix_user_token)
>>>   UNIX token of user 0
>>>   Primary group is 0 and contains 0 supplementary groups
>>> [2019/09/04 16:16:27.522201,  5] 
>> ../source3/smbd/uid.c:509(smbd_change_to_root_user)
>>>   change_to_root_user: now uid=(0,0) gid=(0,0)
>>> [2019/09/04 16:16:27.522365,  3] 
>> ../source3/smbd/server_exit.c:237(exit_server_common)
>>>   Server exit (NT_STATUS_END_OF_FILE)
>>> 
>>> And this is the full smb.conf:
>>> 
>>> [global]
>>> 	client signing = mandatory
>>> 	server signing = mandatory
>>> 	kerberos method = secrets and keytab
>>> 	load printers = no
>>> 	realm = AD.EXAMPLE.COM
>>> 	security = ADS
>>> 	workgroup = AD
>>> 	idmap config *:backend = tdb2
>>> 	idmap config *:range = 1000-9999
>>> 	idmap config AD:backend = ad
>>> 	idmap config AD:range = 10000-9999999999
>>> 	log file = /var/log/samba/log.%m
>>> 	max log size = 1000
>>> 	log level = 5
>>> 	netbios name = MYHOST
>>> 	server string = Samba %v (%h)
>>> 	vfs objects = catia fruit streams_xattr
>>> 	fruit:time machine = yes
>>> 	fruit:time machine max size = 1024G
>>> [TimeMachineBackup]
>>> 	writeable = yes
>>> 	browsable = yes
>>> 	path = /var/timemachine
>>> 
>>> Cluebat, anyone?
>>> 
>>> // Best wishes; Johan
>>> 
>>> 
>> Why are you using 'tdb2' for the default domain instead of 'tdb', is 
>> this machine part of a ctdb cluster ?
>> 
>> You are using the winbind 'ad'  backend , so have you given 
>> your users a 
>> uidNumber attribute containing a unique number inside the 
>> '10000-9999999999' range and given Domain Users a gidNumber 
>> containing a 
>> number inside the same range ?
>> 
>> Rowland
>> 
>> 
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>> 
>> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list