Creating a Time Capsule instance using Samba, FreeBSD, and ZFS (latest)

This is a rewrite of a previous post on the same subject. I have rewritten it because I created a new jail (tm) and I’m using a different configuration now.

I recently moved a Time Capsule instance from a FreeBSD host into a jail. Later, I moved to using Samba instead of AFP. Why? Samba seems to be the preferred solution because AFP has been deprecated. It still works, but let’s go Samba.

In this post:

  • FreeBSD 14.0
  • Samba 4.16.11

This is a summary

I’m not going into details about creating a jail, configuring it, etc. I don’t show how to install the packages or create the users. This is mostly about Samba in the jail.

Jail configuration

This is the configuration for my tm jail:

# stuff at the top of my /etc/jail.conf file which affect the jail in question
# For your location, try not using them and see how it goes.

$NIC = "bridge0";
path = /jails/$name;
host.hostname = "$name.int.unixathome.org";
exec.consolelog="/var/tmp/jail.$name";

tm {
    ip4.addr = "$NIC|10.0.0.56";
    persist;

    enforce_statfs = "1";
    allow.mount.nullfs;
    allow.mount=true;
    allow.mount.fdescfs;
}

Samba

NOTE: This configuration stopped working for me. I don’t know why. I am now using the configuration shown at this FreeBSD Forums post. In my previous post, I was using this FreeBSD Forums post as a starting point.

I installed Samba 4.16.11 and used this configuration file (/usr/local/etc/smb4.conf):

[21:07 tm dvl ~] % cat /usr/local/etc/smb4.conf 
# This instance is used only for Time Machines. Nothing else.
# from https://bsky.app/profile/sweordbora.hausen.com/post/3kafje4ovq52z

[global]

# I selected a name which did not match any other workgroup in my network.
workgroup = TimeMachine

# add these two lines to avoid smbd_open_one_socket: open_socket_in failed: Protocol not supported
bind interfaces only = yes
interfaces = bridge0

# The IP address of my jail is 10.0.0.56/24
remote announce = 10.0.0.255
security = user
encrypt passwords = yes

# I keep this here as a reminder, but I'm not using it.
# re: https://github.com/mbentley/docker-timemachine/issues/105#issuecomment-1130483951
#server min protocol = SMB2

# I'll show you later how I create that path
path = /usr/local/timemachine/%U


# Taken from https://forums.freebsd.org/threads/samba-functions-but-unable-to-use-it-as-a-macos-time-machine-destination.79896/


fruit:aapl = yes
fruit:nfs_aces = yes
fruit:copyfile = no
fruit:model = MacSamba


vfs objects = acl_xattr catia fruit streams_xattr
fruit:resource = file
fruit:time machine = yes
fruit:time machine max size = 1950G
fruit:metadata = netatalk
fruit:locking = netatalk
fruit:encoding = native
public = no
writable = yes
printable = no
create mask = 0664
directory mask = 0755

[tm]
comment = Time Machine

Create user passwords

This section deals with Samba users. A later section deals with Unix users in the jail.

I will create a Samba login for each device which will be backed up. Here is the first one. NOTE that I first created the dvl-pro03 user using adduser. Actually, I just copy/pasted entries from vipw in the other TimeCapsule instance. If you’re not duplicating an existing instance, you probably want to run adduser before running this command:

[12:50 tc dvl ~] % sudo smbpasswd -a dvl-pro03
New SMB password:
Retype new SMB password:
Added user dvl-pro03.

I think the Samba passwords are stored here:

[12:53 tc dvl ~] % sudo ls -l /var/db/samba4/private
total 115
-rw-------  1 root wheel 421888 Jan  6 17:57 passdb.tdb
-rw-------  1 root wheel 430080 Nov  9 19:45 secrets.tdb

The storage location

I won’t show you the creation, but I’ll show you the datasets:

[21:12 r730-03 dvl ~] % zfs list -r data01/timemachine
NAME                           USED  AVAIL  REFER  MOUNTPOINT
data01/timemachine             577G  4.24T   104K  /jails/tm/usr/local/timemachine
data01/timemachine/dvl-air01   302G  4.24T   302G  /jails/tm/usr/local/timemachine/dvl-air01
data01/timemachine/dvl-pro02   254G   496G   254G  /jails/tm/usr/local/timemachine/dvl-pro02
data01/timemachine/dvl-pro03  21.0G  4.24T  21.0G  /jails/tm/usr/local/timemachine/dvl-pro03

As you can see, the mount point is directly into the jail.

I have three datasets, one for each laptop being backed up (air01, pro02, and pro03).

Unix users within the jail

This section deals with Unix users. An earlier section deals with Samba users.

I won’t go into user creation, but:

[21:22 tm dvl ~] % grep dvl- /etc/passwd
dvl-air01:*:1008:1008:For backing up air01:/home/dvl-air01:/bin/sh
dvl-pro02:*:1009:1009:For backing up pro02:/home/dvl-pro02:/bin/sh
dvl-pro03:*:1012:1012:For backing up pro03:/home/dvl-pro03:/bin/sh

Also, in this jail, those home directories do not exist. I copied the users over from another host (i.e. my previous TimeMachine solution): I opened vipw on one host, and copy/pasted into another. This creates the users but does not create the home directories. I did similar for /etc/group for those users.

I created separate Unix users for each laptop I’m backing up. I’m not sure why. However, this sure looks right to me:

[21:11 tm dvl ~] % cd /usr/local/timemachine 
[21:16 tm dvl /usr/local/timemachine] % ls -l
total 74
drwxr-xr-x  3 dvl-air01 dvl-air01 4 2024.01.06 19:07 dvl-air01/
drwxr-xr-x  3 dvl-pro02 dvl-pro02 4 2024.01.06 07:29 dvl-pro02/
drwxr-xr-x  3 dvl-pro03 dvl-pro03 4 2024.01.06 18:38 dvl-pro03/
[21:16 tm dvl /usr/local/timemachine] % ls -ld .
drwxr-xr-x  5 root wheel 5 2024.01.03 18:50 ./
[21:16 tm dvl /usr/local/timemachine] % 

Each backup area is owned by a different user.

I see now my future experiment is chmod 0740 on each of those directories. But not today. There are backups in progress as I type.

Please let me know your results in that area.
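The ownership and mode layout above can be checked with a short script. This is an added example, not part of the original post: it reports any per-laptop directory that is not owned by the same-named user or that grants access to "other", so the 0755 directories shown above are reported and the proposed 0740 passes. The function names and the audit.sh file name are hypothetical.

```shell
#!/bin/sh
# Added example: audit the per-laptop Time Machine directories.
# Parses `ls -ld` only, so it behaves the same on FreeBSD and Linux.

# check_tm_dir DIR EXPECTED_OWNER
# Prints one line per finding; returns 0 if clean, 1 if anything is flagged.
check_tm_dir() {
    dir=$1
    want=$2
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    # Field 1 of `ls -ld` is the mode string, field 3 is the owner.
    set -- $(ls -ld "$dir" | awk '{ print $1, $3 }')
    mode=$1
    owner=$2
    rc=0
    if [ "$owner" != "$want" ]; then
        echo "$dir: owned by $owner, expected $want"
        rc=1
    fi
    # Characters 8-10 of the mode string are the "other" permission bits.
    other=$(printf '%s' "$mode" | cut -c8-10)
    case $other in
        ---|--T) ;;   # no access for other (T = sticky bit without x)
        *) echo "$dir: mode $mode gives other users access ($other)"; rc=1 ;;
    esac
    return $rc
}

# audit_tm_root ROOT
# Assumes the layout from the post: ROOT/<user>/ owned by <user>.
audit_tm_root() {
    root=$1
    status=0
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        check_tm_dir "$d" "$(basename "$d")" || status=1
    done
    return $status
}

# Usage inside the jail (audit.sh is a hypothetical file name):
#   sh audit.sh /usr/local/timemachine
if [ "$#" -gt 0 ]; then
    audit_tm_root "$1"
fi
```
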

Enabling and starting Samba

Here we go, the big event…

[12:55 tm dvl ~] % sudo service samba_server start             
Cannot 'start' samba_server. Set samba_server_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
[12:55 tm dvl ~] % sudo service samba_server enable 
samba_server enabled in /etc/rc.conf
[12:55 tm dvl ~] % sudo service samba_server start 
Performing sanity check on Samba configuration: OK
kldload: can't load fdescfs: Operation not permitted
/usr/local/etc/rc.d/samba_server: WARNING: Unable to load kernel module fdescfs
/usr/local/etc/rc.d/samba_server: WARNING: samba_server: cannot fdescfs mount to /var/run/samba4/fd
Starting nmbd.
Starting smbd.
[12:55 tm dvl ~] % 

I needed to add mount.devfs; to my jail configuration. I stopped the jail, added it, and started the jail. The jail configuration at the top of this post includes that.

After restarting, Samba was running:

dvl@tm:~ $ ps auwwx
USER     PID %CPU %MEM    VSZ    RSS TT  STAT STARTED    TIME COMMAND
dvl    54286  0.1  0.0  21508  10076  -  SJ   12:58   0:00.00 sshd: dvl@pts/1 (sshd)
root   53115  0.0  0.0  12868   2700  -  SsJ  12:57   0:00.00 /usr/sbin/syslogd -s
root   53171  0.0  0.0  40336  19164  -  SsJ  12:57   0:00.00 /usr/local/sbin/nmbd --daemon --configfile=/usr/local/etc/smb4.conf
root   53175  0.0  0.4 173948 266824  -  IsJ  12:57   0:00.35 /usr/local/sbin/smbd --daemon --configfile=/usr/local/etc/smb4.conf
root   53182  0.0  0.0  12908   2496  -  IsJ  12:57   0:00.00 /usr/sbin/cron -s
root   53217  0.0  0.0  21068   9232  -  SsJ  12:57   0:00.00 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
nagios 53229  0.0  0.0  16944   6268  -  IsJ  12:57   0:00.00 /usr/local/sbin/nrpe -c /usr/local/etc/nrpe.cfg -d
root   53401  0.0  0.3 132036 186900  -  SJ   12:57   0:00.00 /usr/local/sbin/smbd --daemon --configfile=/usr/local/etc/smb4.conf
root   53433  0.0  0.3 132028 186884  -  SJ   12:57   0:00.00 /usr/local/sbin/smbd --daemon --configfile=/usr/local/etc/smb4.conf
root   54284  0.0  0.0  21508   9788  -  SsJ  12:58   0:00.02 sshd: dvl [priv] (sshd)
dvl    54287  0.0  0.0  13580   3436  1  SsJ  12:58   0:00.00 -sh (sh)
dvl    54290  0.0  0.0  13444   3056  1  R+J  12:58   0:00.00 ps auwwx
dvl@tm:~ $ 

This solution is working for me, although I have yet to get a full backup completed. They are in progress as I type this.
