Creating a Time Capsule instance using Samba, FreeBSD, and ZFS

I recently moved a Time Capsule instance from a FreeBSD host into a jail. Today, I’m going to create a new Time Capsule which uses Samba instead of AFP. Why? Samba seems to be the preferred solution because AFP has been deprecated. It still works, but let’s go Samba.

Not covered in this post, but recommended: snapshot your datasets on a regular basis. I like using sanoid for that. That way, if your backup gets corrupted somehow, you can roll back to a recent snapshot and try again. Hopefully, you don’t lose your back history.

In this post:

  • FreeBSD 13.2
  • Samba 4.16.11

This is a summary

I’m not going into details about creating a jail, configuring it, etc. This is only about Samba in the jail. That said, this is my jail configuration:


$NIC = "bridge0";

tc {
    ip4.addr = "$NIC|10.55.0.41";
    persist;

    enforce_statfs = "1";
    allow.mount.nullfs;
    allow.mount=true;
    allow.mount.fdescfs;
    mount.fstab="/etc/fstab.$name";
}

Samba

NOTE: This configuration stopped working for me. I don’t know why. I am now using the configuration shown at this FreeBSD Forums post.

I installed Samba 4.16.11 and used this configuration file (/usr/local/etc/smb4.conf):

# This instance is used only for Time Machines. Nothing else.
# from https://bsky.app/profile/sweordbora.hausen.com/post/3kafje4ovq52z

[global]
# adjust this to your network/netmask
remote announce = 203.0.113.255
security = user
encrypt passwords = yes

ea support = No
kernel share modes = No
mangled names = no
path = /usr/local/samba/tc/%U
posix locking = No
read only = No
smbd max xattr size = 2097152

vfs objects = catia fruit streams_xattr
# these are the objects which did not work on my Samba instance
# tmprotect shadow_copy_zfs ixnas zfs_core aio_fbsd

fruit:time machine max size = 1T
zfs_core:zfs_auto_create = yes
fruit:locking = none
fruit:time machine = yes
fruit:resource = stream
fruit:metadata = stream
fruit:encoding = native
nfs4:chown = true
ixnas:dosattrib_xattr = false

[tm]
comment = Time Machine

NOTE: the above needs to be updated after I get things running. It is now incomplete.

Create user passwords

I will create a Samba login for each device which will be backed up. Here is the first one. NOTE that I first created the dvl-pro03 user using adduser. Actually, I just copy/pasted entries from vipw in the other TimeCapsule instance. If you’re not duplicating an existing instance, you probably want to run adduser before running this command:

[12:50 tc dvl ~] % sudo smbpasswd -a dvl-pro03
New SMB password:
Retype new SMB password:
Added user dvl-pro03.

I think the Samba passwords are stored here:

[12:53 tc dvl ~] % sudo ls -l /var/db/samba4/private
total 49
-rw-------  1 root  wheel  421888 2023.09.28 12:50 passdb.tdb
-rw-------  1 root  wheel  430080 2023.09.28 12:41 secrets.tdb

Enabling and starting Samba

Here we go, the big event…

[12:55 tc dvl ~] % sudo service samba_server start             
Cannot 'start' samba_server. Set samba_server_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
[12:55 tc dvl ~] % sudo service samba_server enable 
samba_server enabled in /etc/rc.conf
[12:55 tc dvl ~] % sudo service samba_server start 
Performing sanity check on Samba configuration: OK
kldload: can't load fdescfs: Operation not permitted
/usr/local/etc/rc.d/samba_server: WARNING: Unable to load kernel module fdescfs
/usr/local/etc/rc.d/samba_server: WARNING: samba_server: cannot fdescfs mount to /var/run/samba4/fd
Starting nmbd.
Starting smbd.
[12:55 tc dvl ~] % 

I needed to add mount.devfs; to my jail configuration. I stopped the jail, added it, and started the jail. The jail configuration at the top of this post includes that.

After restarting, Samba was running:

dvl@tc:~ $ ps auwwx
USER     PID %CPU %MEM    VSZ    RSS TT  STAT STARTED    TIME COMMAND
dvl    54286  0.1  0.0  21508  10076  -  SJ   12:58   0:00.00 sshd: dvl@pts/1 (sshd)
root   53115  0.0  0.0  12868   2700  -  SsJ  12:57   0:00.00 /usr/sbin/syslogd -s
root   53171  0.0  0.0  40336  19164  -  SsJ  12:57   0:00.00 /usr/local/sbin/nmbd --daemon --configfile=/usr/local/etc/smb4.conf
root   53175  0.0  0.4 173948 266824  -  IsJ  12:57   0:00.35 /usr/local/sbin/smbd --daemon --configfile=/usr/local/etc/smb4.conf
root   53182  0.0  0.0  12908   2496  -  IsJ  12:57   0:00.00 /usr/sbin/cron -s
root   53217  0.0  0.0  21068   9232  -  SsJ  12:57   0:00.00 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
nagios 53229  0.0  0.0  16944   6268  -  IsJ  12:57   0:00.00 /usr/local/sbin/nrpe -c /usr/local/etc/nrpe.cfg -d
root   53401  0.0  0.3 132036 186900  -  SJ   12:57   0:00.00 /usr/local/sbin/smbd --daemon --configfile=/usr/local/etc/smb4.conf
root   53433  0.0  0.3 132028 186884  -  SJ   12:57   0:00.00 /usr/local/sbin/smbd --daemon --configfile=/usr/local/etc/smb4.conf
root   54284  0.0  0.0  21508   9788  -  SsJ  12:58   0:00.02 sshd: dvl [priv] (sshd)
dvl    54287  0.0  0.0  13580   3436  1  SsJ  12:58   0:00.00 -sh (sh)
dvl    54290  0.0  0.0  13444   3056  1  R+J  12:58   0:00.00 ps auwwx
dvl@tc:~ $ 

nullfs mounting the datasets

Where do I back up? In my case, I want to nullfs mount the existing datasets used by the other Time Capsule instance. The clients only run one backup at a time.

These are the existing filesets:

[13:04 r730-03 dvl ~] % zfs list | grep bacula-sd-04
data01/bacula-volumes                     7.52T  5.68T       96K  /jails/bacula-sd-04/usr/local/bacula/volumes
data01/bacula-volumes/DiffFile            71.6G   952G     71.6G  /jails/bacula-sd-04/usr/local/bacula/volumes/DiffFile
data01/bacula-volumes/FullFile            3.48T  2.52T     3.42T  /jails/bacula-sd-04/usr/local/bacula/volumes/FullFile
data01/bacula-volumes/FullFileNoNextPool  3.42T  5.68T     3.42T  /jails/bacula-sd-04/usr/local/bacula/volumes/FullFileNoNextPool
data01/bacula-volumes/IncrFile             572G  1.94T      100G  /jails/bacula-sd-04/usr/local/bacula/volumes/IncrFile
data01/jails/bacula-sd-04                 1.96G  5.68T     1.70G  /jails/bacula-sd-04

This is what I added to the configuration of my tc jail:

mount.fstab="/etc/fstab.$name";

That will invoke the contents of this file: /etc/fstab.tc which contains:

/jails/timecapsule/usr/local/timecapsule                        /jails/tc/usr/local/samba/tc/                    nullfs   rw,noatime        0 0
/jails/timecapsule/usr/local/timecapsule/dvl-air01              /jails/tc/usr/local/samba/tc//dvl-air01          nullfs   rw,noatime        0 0
/jails/timecapsule/usr/local/timecapsule/dvl-dent               /jails/tc/usr/local/samba/tc//dvl-dent           nullfs   rw,noatime        0 0
/jails/timecapsule/usr/local/timecapsule/dvl-dent-sparse        /jails/tc/usr/local/samba/tc//dvl-dent-sparse    nullfs   rw,noatime        0 0
/jails/timecapsule/usr/local/timecapsule/dvl-pro02              /jails/tc/usr/local/samba/tc//dvl-pro02          nullfs   rw,noatime        0 0
/jails/timecapsule/usr/local/timecapsule/dvl-pro03              /jails/tc/usr/local/samba/tc//dvl-pro03          nullfs   rw,noatime        0 0

Wait… A sudden realization. I recently wrote “Jails with embedded, but not jailed, ZFS datasets – how to mount/umount – corrected”. How will that affect the use of nullfs?

I’ll have to keep that in mind.

A referral

This just in from Alex Rosenberg:

Why not run both daemons from the same jail?

Great idea. However, I’ve come too far. First I want to prove this can be done over nullfs in separate jails. Then I’ll try in the same jail. Then retire the afp version.

Let’s see if I can connect to Samba

I went into Finder, pressed CMD-K, specified smb://tc.int.unixathome.org, entered the credentials I created above, and failed:

There was a problem connecting to the server tc.int.unixathome.org

Checking /var/log/messages, I found:

Sep 28 14:56:26 tc smbd[18067]: [2023/09/28 14:56:26.972183,  0] ../../lib/util/modules.c:49(load_module)
Sep 28 14:56:26 tc smbd[18067]:   Error loading module '/usr/local/lib/samba4/modules/vfs/aio_fbsd.so': Cannot open "/usr/local/lib/samba4/modules/vfs/aio_fbsd.so"
Sep 28 14:56:26 tc smbd[18067]: [2023/09/28 14:56:26.972246,  0] ../../source3/smbd/vfs.c:186(vfs_init_custom)
Sep 28 14:56:26 tc smbd[18067]:   error probing vfs module 'aio_fbsd': NT_STATUS_UNSUCCESSFUL
Sep 28 14:56:26 tc smbd[18067]: [2023/09/28 14:56:26.972458,  0] ../../source3/smbd/vfs.c:399(smbd_vfs_init)
Sep 28 14:56:26 tc smbd[18067]:   smbd_vfs_init: vfs_init_custom failed for aio_fbsd
Sep 28 14:56:26 tc smbd[18067]: [2023/09/28 14:56:26.972474,  0] ../../source3/smbd/service.c:639(make_connection_snum)
Sep 28 14:56:26 tc smbd[18067]:   make_connection_snum: vfs_init failed for service IPC$
Sep 28 14:56:26 tc smbd[18067]: [2023/09/28 14:56:26.976818,  0] ../../lib/util/modules.c:49(load_module)
Sep 28 14:56:26 tc smbd[18067]:   Error loading module '/usr/local/lib/samba4/modules/vfs/aio_fbsd.so': Cannot open "/usr/local/lib/samba4/modules/vfs/aio_fbsd.so"
Sep 28 14:56:26 tc smbd[18067]: [2023/09/28 14:56:26.976858,  0] ../../source3/smbd/vfs.c:186(vfs_init_custom)
Sep 28 14:56:26 tc smbd[18067]:   error probing vfs module 'aio_fbsd': NT_STATUS_UNSUCCESSFUL
Sep 28 14:56:26 tc smbd[18067]: [2023/09/28 14:56:26.976874,  0] ../../source3/smbd/vfs.c:399(smbd_vfs_init)
Sep 28 14:56:26 tc smbd[18067]:   smbd_vfs_init: vfs_init_custom failed for aio_fbsd
Sep 28 14:56:26 tc smbd[18067]: [2023/09/28 14:56:26.976888,  0] ../../source3/smbd/service.c:639(make_connection_snum)
Sep 28 14:56:26 tc smbd[18067]:   make_connection_snum: vfs_init failed for service IPC$

These were configuration options present in the TrueNAS Samba configuration which did not work in my instance of Samba. You probably won’t encounter this. I adjusted the configuration, restarted Samba, and repeated. The Samba configuration at the top of this post should just work.
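
The log above is what smbd reports when `vfs objects` names a module (here `aio_fbsd`) that has no `.so` file under /usr/local/lib/samba4/modules/vfs. A check to run before starting Samba, as an added example that is not part of the original post: the function name `missing_vfs_modules` and the demo file contents are made up for illustration, and it assumes the option is written exactly as `vfs objects = ...` on a single line.

```shell
#!/bin/sh
# Added example: report modules listed in "vfs objects" that have no
# matching <name>.so in the Samba VFS module directory.
#
# Real use inside the jail (paths taken from the post):
#   missing_vfs_modules /usr/local/etc/smb4.conf /usr/local/lib/samba4/modules/vfs

# missing_vfs_modules CONF MODDIR
# Prints one missing module name per line; prints nothing if all are present.
missing_vfs_modules() {
    conf=$1
    moddir=$2
    # Keep only the value of each "vfs objects" line. The pattern is anchored
    # at the start of the line, so commented-out lines ("# vfs objects = ...")
    # are ignored. Then split the value into one module name per line.
    sed -n 's/^[[:space:]]*vfs objects[[:space:]]*=[[:space:]]*//p' "$conf" |
    tr -s ' \t' '\n\n' |
    sort -u |
    while read -r mod; do
        [ -n "$mod" ] || continue
        # smbd loads each module from MODDIR/<name>.so
        [ -f "$moddir/$mod.so" ] || printf '%s\n' "$mod"
    done
}

# Constructed demo: a throwaway directory standing in for the module
# directory, holding only the three modules that loaded in the post.
demo() {
    tmp=$(mktemp -d)
    for m in catia fruit streams_xattr; do
        : > "$tmp/$m.so"
    done
    printf '%s\n' \
        '[global]' \
        '# vfs objects = zfs_core' \
        'vfs objects = catia fruit streams_xattr aio_fbsd' > "$tmp/smb4.conf"
    missing_vfs_modules "$tmp/smb4.conf" "$tmp"
    rm -rf "$tmp"
}

demo   # prints: aio_fbsd
```

An empty result means every listed module has a file to load; any name printed should be dropped from `vfs objects` or installed before connecting clients.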

It works

I got connected via CMD-K, then added a new Time Machine Destination via Time Machine Preferences. It connected.

Laptop connected to Time Capsule instance running Samba

I initiated a backup.

Back up initiated with Time Capsule running Samba

It worked.

The backups to the Samba Time Capsule are working.

This is great

This is great. There were a few bumps (jail configuration, Samba configuration), but in general, it just worked.
