This is a rewrite of a previous post on the same subject. I have rewritten it because I created a new jail (tm) and I’m using a different configuration now.
I recently moved a Time Capsule instance from a FreeBSD host into a jail. Later, I moved to using Samba instead of AFP. Why? Samba seems to be the preferred solution because AFP has been deprecated. It still works, but let’s go Samba.
In this post:
- FreeBSD 14.0
- Samba 4.16.11
This is a summary
I’m not going into details about creating a jail, configuring it, etc. I don’t show how to install the packages or create the users. This is mostly about Samba in the jail.
Jail configuration
This is the configuration for my tm jail:
    # stuff at the top of my /etc/jail.conf file which affect the jail in question
    # For your location, try not using them and see how it goes.
    $NIC = "bridge0";
    path = /jails/$name;
    host.hostname = "$name.int.unixathome.org";
    exec.consolelog="/var/tmp/jail.$name";

    tm {
        ip4.addr = "$NIC|10.0.0.56";
        persist;
        enforce_statfs = "1";
        allow.mount.nullfs;
        allow.mount=true;
        allow.mount.fdescfs;
    }
Samba
NOTE: This configuration stopped working for me. I don’t know why. I am now using the configuration shown at this FreeBSD Forums post. In my previous post, I was using this FreeBSD Forums post as a starting point.
I installed Samba 4.16.11 and used this configuration file (/usr/local/etc/smb4.conf):
    [21:07 tm dvl ~] % cat /usr/local/etc/smb4.conf
    # This instance is used only for Time Machines. Nothing else.
    # from https://bsky.app/profile/sweordbora.hausen.com/post/3kafje4ovq52z
    [global]
    # I selected a name which did not match any other workgroup in my network.
    workgroup = TimeMachine

    # add these two lines to avoid smbd_open_one_socket: open_socket_in failed: Protocol not supported
    bind interfaces only = yes
    interfaces = bridge0

    # The IP address of my jail is 10.0.0.56/24
    remote announce = 10.0.0.255

    security = user
    encrypt passwords = yes

    # I keep this here as a reminder, but I'm not using it.
    # re: https://github.com/mbentley/docker-timemachine/issues/105#issuecomment-1130483951
    #server min protocol = SMB2

    # I'll show you later how I create that path
    path = /usr/local/timemachine/%U

    # Taken from https://forums.freebsd.org/threads/samba-functions-but-unable-to-use-it-as-a-macos-time-machine-destination.79896/
    fruit:aapl = yes
    fruit:nfs_aces = yes
    fruit:copyfile = no
    fruit:model = MacSamba
    vfs objects = acl_xattr catia fruit streams_xattr
    fruit:resource = file
    fruit:time machine = yes
    fruit:time machine max size = 1950G
    fruit:metadata = netatalk
    fruit:locking = netatalk
    fruit:encoding = native

    public = no
    writable = yes
    printable = no
    create mask = 0664
    directory mask = 0755

    [tm]
    comment = Time Machine
Create user passwords
This section deals with Samba users. A later section deals with Unix users in the jail.
I will create a Samba login for each device which will be backed up. Here is the first one. NOTE that I first created the dvl-pro03 user using adduser. Actually, I just copy/pasted entries from vipw in the other TimeCapsule instance. If you’re not duplicating an existing instance, you probably want to run adduser before running this command:

    [12:50 tc dvl ~] % sudo smbpasswd -a dvl-pro03
    New SMB password:
    Retype new SMB password:
    Added user dvl-pro03.
I think the Samba passwords are stored here:
    [12:53 tc dvl ~] % sudo ls -l /var/db/samba4/private
    total 115
    -rw-------  1 root  wheel  421888 Jan  6 17:57 passdb.tdb
    -rw-------  1 root  wheel  430080 Nov  9 19:45 secrets.tdb
The storage location
I won’t show you the creation, but I’ll show you the datasets:
    [21:12 r730-03 dvl ~] % zfs list -r data01/timemachine
    NAME                           USED  AVAIL  REFER  MOUNTPOINT
    data01/timemachine             577G  4.24T   104K  /jails/tm/usr/local/timemachine
    data01/timemachine/dvl-air01   302G  4.24T   302G  /jails/tm/usr/local/timemachine/dvl-air01
    data01/timemachine/dvl-pro02   254G   496G   254G  /jails/tm/usr/local/timemachine/dvl-pro02
    data01/timemachine/dvl-pro03  21.0G  4.24T  21.0G  /jails/tm/usr/local/timemachine/dvl-pro03

As you can see, the mount point is directly in the jail.
I have three datasets, one for each laptop being backed up (air01, pro02, and pro03).
Unix users within the jail
This section deals with Unix users. An earlier section deals with Samba users.
I won’t go into user creation, but:
    [21:22 tm dvl ~] % grep dvl- /etc/passwd
    dvl-air01:*:1008:1008:For backing up air01:/home/dvl-air01:/bin/sh
    dvl-pro02:*:1009:1009:For backing up pro02:/home/dvl-pro02:/bin/sh
    dvl-pro03:*:1012:1012:For backing up pro03:/home/dvl-pro03:/bin/sh

Also, in this jail, those home directories do not exist. I copied the users over from another host (i.e. my previous TimeMachine solution): I opened vipw on one host and copied and pasted the entries into another. This creates the users but does not create the home directories. I did something similar for /etc/group for those users.
I created separate Unix users for each laptop I’m backing up. I’m not sure why. However, this sure looks right to me:
    [21:11 tm dvl ~] % cd /usr/local/timemachine
    [21:16 tm dvl /usr/local/timemachine] % ls -l
    total 74
    drwxr-xr-x  3 dvl-air01  dvl-air01  4 2024.01.06 19:07 dvl-air01/
    drwxr-xr-x  3 dvl-pro02  dvl-pro02  4 2024.01.06 07:29 dvl-pro02/
    drwxr-xr-x  3 dvl-pro03  dvl-pro03  4 2024.01.06 18:38 dvl-pro03/
    [21:16 tm dvl /usr/local/timemachine] % ls -ld .
    drwxr-xr-x  5 root  wheel  5 2024.01.03 18:50 ./
    [21:16 tm dvl /usr/local/timemachine] %
Each backup area is owned by a different user.
I see now my future experiment is chmod 0740 on each of those directories. But not today. There are backups in progress as I type.
Please let me know your results in that area.
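An added example, not part of the original post: a POSIX sh check of the per-user layout shown above, where `path = /usr/local/timemachine/%U` maps each Samba user to a directory of the same name. It flags directories whose owner differs from the directory name, directories with any permission bit set for "other" (as in the drwxr-xr-x listing above), and a parent directory writable by group or other. The function name `audit_tm_dirs` is hypothetical.

```sh
#!/bin/sh
# Added example: audit per-user Time Machine share directories.
# Assumption: the layout from this post, ROOT/<user>, one directory per
# Samba user, as selected by "path = /usr/local/timemachine/%U".
# Usage: audit_tm_dirs /usr/local/timemachine

# Prints one FAIL line per finding; returns 1 if there were any, else 0.
audit_tm_dirs() {
    root=${1:-/usr/local/timemachine}
    findings=0

    # The parent must not be writable by group or other, otherwise a
    # non-root account could rename or replace a backup directory.
    mode=$(ls -ld "$root" | awk '{print $1}')
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" != "-" ] || [ "$ow" != "-" ]; then
        echo "FAIL $root: writable by group or other ($mode)"
        findings=$((findings + 1))
    fi

    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue        # glob matched nothing
        dir=${dir%/}
        name=${dir##*/}
        mode=$(ls -ld "$dir" | awk '{print $1}')
        owner=$(ls -ld "$dir" | awk '{print $3}')

        # %U expands to the session user, so each directory should
        # belong to the account it is named after.
        if [ "$owner" != "$name" ]; then
            echo "FAIL $dir: owned by $owner, expected $name"
            findings=$((findings + 1))
        fi

        # Characters 8-10 of the mode string are the "other" bits; any
        # bit set there opens the directory to every account in the jail.
        other=$(printf '%s' "$mode" | cut -c8-10)
        if [ "$other" != "---" ]; then
            echo "FAIL $dir: accessible to other users ($mode)"
            findings=$((findings + 1))
        fi
    done
    return $((findings > 0))
}
```
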
Enabling and starting Samba
Here we go, the big event…
    [12:55 tm dvl ~] % sudo service samba_server start
    Cannot 'start' samba_server. Set samba_server_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
    [12:55 tm dvl ~] % sudo service samba_server enable
    samba_server enabled in /etc/rc.conf
    [12:55 tm dvl ~] % sudo service samba_server start
    Performing sanity check on Samba configuration: OK
    kldload: can't load fdescfs: Operation not permitted
    /usr/local/etc/rc.d/samba_server: WARNING: Unable to load kernel module fdescfs
    /usr/local/etc/rc.d/samba_server: WARNING: samba_server: cannot fdescfs mount to /var/run/samba4/fd
    Starting nmbd.
    Starting smbd.
    [12:55 tm dvl ~] %

I needed to add mount.devfs; to my jail configuration. I stopped the jail, added it, and started the jail. The jail configuration at the top of this post includes that.
After restarting, Samba was running:
    dvl@tm:~ $ ps auwwx
    USER     PID %CPU %MEM    VSZ    RSS TT  STAT STARTED    TIME COMMAND
    dvl    54286  0.1  0.0  21508  10076  -  SJ   12:58   0:00.00 sshd: dvl@pts/1 (sshd)
    root   53115  0.0  0.0  12868   2700  -  SsJ  12:57   0:00.00 /usr/sbin/syslogd -s
    root   53171  0.0  0.0  40336  19164  -  SsJ  12:57   0:00.00 /usr/local/sbin/nmbd --daemon --configfile=/usr/local/etc/smb4.conf
    root   53175  0.0  0.4 173948 266824  -  IsJ  12:57   0:00.35 /usr/local/sbin/smbd --daemon --configfile=/usr/local/etc/smb4.conf
    root   53182  0.0  0.0  12908   2496  -  IsJ  12:57   0:00.00 /usr/sbin/cron -s
    root   53217  0.0  0.0  21068   9232  -  SsJ  12:57   0:00.00 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
    nagios 53229  0.0  0.0  16944   6268  -  IsJ  12:57   0:00.00 /usr/local/sbin/nrpe -c /usr/local/etc/nrpe.cfg -d
    root   53401  0.0  0.3 132036 186900  -  SJ   12:57   0:00.00 /usr/local/sbin/smbd --daemon --configfile=/usr/local/etc/smb4.conf
    root   53433  0.0  0.3 132028 186884  -  SJ   12:57   0:00.00 /usr/local/sbin/smbd --daemon --configfile=/usr/local/etc/smb4.conf
    root   54284  0.0  0.0  21508   9788  -  SsJ  12:58   0:00.02 sshd: dvl [priv] (sshd)
    dvl    54287  0.0  0.0  13580   3436  1  SsJ  12:58   0:00.00 -sh (sh)
    dvl    54290  0.0  0.0  13444   3056  1  R+J  12:58   0:00.00 ps auwwx
    dvl@tm:~ $

This solution is working for me, although I have yet to get a full backup completed. They are in progress as I type this.