[Samba] issues with Time Machine - did macOS change how they handle things?

Sat Apr 11 16:17:58 UTC 2020

It turns out the issue was a single line in smb.conf. changing fruit:metadata = netatalk to fruit:metadata = stream fixed my issue. I can now initiate backups over samba. This is listed on the samba.org wiki for OS X support, but I somehow missed it.

On Mon, Apr 6, 2020, at 6:40 PM, Michael Robinson wrote:
> TL;DR: Time Machine cannot create a *new* backup on my shared drive, but can add to an *existing* backup.
> 
> I'm running macOS Catalina and my Time Machine backs up to a Debian 10 server with NetAtalk and Avahi. Since Mavericks macOS has preferred SMB, and given SMB is marginally faster I decided to switch to using SMB for the Time Machine shares. On a fresh AFP share I can start a new Time Machine backup in System Preferences and it will create a new .sparseimage without complaint. 
> 
> If I use the exact same directory (/usr/local/smb), so same permissions etc, and create a samba share, when Time Machine attempts to create a new backup it give the error: "Time Machine couldn’t complete the backup to SERVER.local. The backup disk image could not be created."
> 
> If I first connect to the share with AFP and do the initial backup, I can then connect with SMB and add subsequent incremental backups without error. I thought maybe a permissions issue, but for debugging purposes I have /usr/local/smb set to 0777 and still get the error.
> 
> `ls -la` showing permissions of the share point:
> 
> drwxrwxrwx 5 MY_USER smbusers 4096 Apr 3 12:35 smb
> 
> 
> I find the following possibly helpful error in the log:
> 
> Failed to create '/Volumes/.timemachine/SERVER._smb._tcp.local/DDE06691-7411-41DD-8419-24FEFC21CE29/TimeMachine Set A - SMB/8E394711-7E3F-520B-800C-192D4F680177.sparsebundle', results: {
> }, error: 13 Permission denied
> Then,
> Backup failed with error 20: 20
> 
> 
> afp.conf:
> 
> [Global]
> ; Global server settings
> vol preset = default_for_all
> log file = /var/log/netatalk.log
> uam list = uams_dhx2.so,uams_clrtxt.so
> save password = no
> 
> [default_for_all]
> file perm = 0664
> directory perm = 0774
> cnid scheme = dbd
> 
> [Time Machine Set A - AFP]
> path = /usr/local/smb
> time machine = yes
> vol size limit = 4000000
> 
> 
> I'm using some smb.conf options suggested in this GitHub: <https://gist.github.com/ChloeTigre/4c2022c0d1a281deedba6f7539a2e3ae>
> 
> smb.conf:
> 
> [global]
> 
> ## Browsing/Identification ###
> 
> # Change this to the workgroup/NT-domain name your Samba server will part of
>  workgroup = WORKGROUP
>  wins support = yes
> 
> #### Debugging/Accounting ####
> 
> # This tells Samba to use a separate log file for each machine
> # that connects
>  log file = /var/log/samba/log.%m
> 
> # Cap the size of the individual log files (in KiB).
>  max log size = 1000
> 
> # We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
> # Append syslog at 1 if you want important messages to be sent to syslog too.
>  logging = file
> 
> # Do something sensible when Samba crashes: mail the admin a backtrace
>  panic action = /usr/share/samba/panic-action %d
> 
> ###MacOS compatability stuff
> guest account = smbguest
> min protocol = SMB2
> map acl inherit = yes
> vfs objects = catia fruit streams_xattr 
> fruit:metadata = netatalk
> fruit:model = MacSamba
> fruit:posix_rename = yes 
> fruit:veto_appledouble = yes
> 
> durable handles = yes
> kernel oplocks = no
> kernel share modes =no
> posix locking = no
> smb2 leases = yes
> 
> 
> #Turned off for testing compatability
> #fruit:wipe_intentionally_left_blank_rfork = yes 
> #fruit:delete_empty_adfiles = yes 
> 
> ####### Authentication #######
> 
> # Server role. Defines in which mode Samba will operate. Possible
> # values are "standalone server", "member server", "classic primary
> # domain controller", "classic backup domain controller", "active
> # directory domain controller". 
> #
> # Most people will want "standalone server" or "member server".
> # Running as "active directory domain controller" will require first
> # running "samba-tool domain provision" to wipe databases and create a
> # new domain.
>  server role = standalone server
> 
>  obey pam restrictions = yes
> 
> # This boolean parameter controls whether Samba attempts to sync the Unix
> # password with the SMB password when the encrypted SMB password in the
> # passdb is changed.
>  unix password sync = yes
> 
> # For Unix password sync to work on a Debian GNU/Linux system, the following
> # parameters must be set (thanks to Ian Kahan <<kahan at informatik.tu-muenchen.de> for
> # sending the correct chat script for the passwd program in Debian Sarge).
>  passwd program = /usr/bin/passwd %u
>  passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> 
> # This boolean controls whether PAM will be used for password changes
> # when requested by an SMB client instead of the program listed in
> # 'passwd program'. The default is 'no'.
>  pam password change = yes
> 
> # This option controls how unsuccessful authentication attempts are mapped
> # to anonymous connections
>  map to guest = bad user
> 
> ######Security#######
> security = user
> valid users = @smbusers
> username map = /etc/samba/users.map
> guest ok = no
> 
> # Allow users who've been granted usershare privileges to create
> # public shares, not just authenticated ones
>  usershare allow guests = yes
> 
> #======================= Share Definitions =======================
> 
> [TimeMachine Set A - SMB]
> path = /usr/local/smb
> comment = SMB Time Machine Destination Set A
> browsable = yes
> writeable = yes
> create mode = 0664 #tried turning this off, no fix
> directory mode = 0777 #tried turning this off, no fix
> vfs objects = catia fruit streams_xattr
> fruit:aapl = yes
> fruit:time machine = yes
> #guest ok = yes
> fruit:time machine max size = 3.9T #tried turning this off, no fix
> inherit acls = yes