SMB Time Machine support

[wiza]

Hi,

Could you add Time Machine support to SMB to get right settings out-of-the-box?

SMB is afaik now preferred over AFP and it's more mature anyway.

[phillxnet]

@wiza Thanks for the request. I didn't know this was a thing. Good to know and I agree it would be nice to have this as a UI option for an SMB export.

Please feel free to paste useful links on what version of Samba etc we need and the specific config settings and what not into this issue as it could help whoever gets around to implementing this. Assuming we have an adequately up to date samba in the first place.

Also on a quick look it seems that this is a thing only from Sierra on wards (10.12), so that's something we would have to account for within the UI as well; ie to avoid mis-configurations for those on older OS X.

Linking to Apple's SMB server spec for this feature:
https://developer.apple.com/library/content/releasenotes/NetworkingInternetWeb/Time_Machine_SMB_Spec/

So a simple howto on configuring samba for this (and the required version) along with some proof of concepts and we should be set to implement this.

Does look like the required "fruit" settings were added in Samba 4.8 though and we only carry Samba 4.6.2 currently (although this will change in time):
https://bugzilla.samba.org/show_bug.cgi?id=12380

[global]
fruit:aapl = yes
fruit:time machine = yes

Although a share specific option would be preferred of course.

Thanks again for bringing this up. Bound to make things easier on the OS X Time Machine side and tiresome to have to enable AFP only for Time Machine.

[wiza]

I can test it if you get 4.8 available (to find settings etc). Basically it should be just those options to samba (maybe few extras) and avahi service file.

[TexasDex]

Most modern macs won't do TimeMachine over AFP anymore, so this is definitely a must-have for me. I got it running on Ubuntu Server 18.04 using these instructions.

[wiza]

AFP still works but is deprecated. Rockstor (and CentOS 7) has too old Samba so it needs to be compiled. If I have time, I'll try to use current spec-file and build a new one, but wouldn't hold my breath.

[legbandj]

Attempting to setup TimeMachine backup from my Mac (running Mojave 10.14) on Rockstor (3.9.2-40) is causing netatalk to reload. If AFP is no longer appropriate for TimeMachine targets on NAS, then SAMBA is the way forward.

I'd be happy to help test TimeMachine on SMB.

[TexasDex]

According to Apple's knowledge base, All macs with flash storage are converted to APFS upon upgrade to High Sierra, and macs with APFS can only use TimeMachine over SMB. So it's basically broken for all new mac users.

[wiza]

No it isn't, we have 2 macs with Mojave nicely backing up to time machine on AFP.

However, in future macos releases afp support will be removed. Next RHEL (and thus CentOS) 7.6 should include newer Samba with needed options.

Source: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7-beta/html-single/7.6_release_notes/index

[phillxnet]

As of updating:

Our release base (moving towards legacy status) CentOS has current samba version:
Version : 4.7.1
Release : 9.el7_5

Our planned openSUSE Leap 15 base has:
Version : 4.7.8+git.86.94b6d10f7dd
Release : lp150.3.6.1

And our planned alternative base, Tumbleweed has:
Version : 4.9.1+git.96.c3bff26bf16
Release : 1.2

So by the time the dust settles and we are into our new run hopefully Leap 15 will also carry a samba >= 4.8 so we can add these options via a Web-UI component.

[wiza]

Umm, rockstor is moving away from CentOS and to openSUSE?

You do know RHEL 7.6 just came out so CentOS with new samba is days away?

BTW. why the OS change? Makes me look for alternatives :(

[TexasDex]

It's probably because RedHat is dumping support for Btrfs, which it doesn't consider stable enough for their enterprise customers. Honestly, given everything I've heard, I'm not sure they're wrong.

[wiza]

Just interested to see what happens to paid stable subscriptions. Do we get upgrade path that doesn't involve reinstalling os or do we just stop getting updates?

[wiza]

Stable has 4.8.3 now so you could add this while supporting both opensuse and current centos.

[wiza]

I actually now have it running :)

[phillxnet]

@wiza That's good to hear. A copy of you working config (relevant additions / subtractions) with regard to Rockstor's default config could help to nudge this one along a tad. Might also help others wanting to chip in on validating the most appropriate config for this setup.

[wiza]

My own is little polluted from earlier attempts but I did copy samba config from here:
https://kirb.me/2018/03/24/using-samba-as-a-time-machine-network-server.html

and avahi config from here:
https://www.reddit.com/r/homelab/comments/83vkaz/howto_make_time_machine_backups_on_a_samba/

Just need to change the share name on the avahi config to match samba share, also, did specify ip of rockstor.local on avahi config, otherwise it seems that ipv6 is preferred (even if disabled in avahi).

[FossPrime]

... I'm on rockstor 3.9.2-50. For some reason I have Samba 4.9.1, should I be concerned about updates happenening out of line with Rockstor's intent, or happy I can now enable time machine?

[root@big ~]# smbd --version
Version 4.9.1
[root@big ~]# yum info samba
Loaded plugins: changelog, fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.mirror.lstn.net
 * epel: fedora-epel.mirror.lstn.net
 * extras: mirror.netdepot.com
 * updates: centos.mirror.lstn.net
Installed Packages
Name        : samba
Arch        : x86_64
Version     : 4.9.1
Release     : 6.el7
Size        : 1.9 M
Repo        : installed
From repo   : base
Summary     : Server and Client software to interoperate with Windows machines
URL         : http://www.samba.org/
License     : GPLv3+ and LGPLv3+
Description : Samba is the standard Windows interoperability suite of programs for Linux and
            : Unix.

[wiza]

Nope, that's fine. Rockstor follows CentOS 7 packages (except kernel).

[phillxnet]

@rayfoss Hello again, re:

... or happy I can now enable time machine?

Just watch out for Rockstor 'rewriting' your config. That's about it really. We hope to enable this feature in the not too distant future anyway so do report here on your findings / what worked for your. Or if you fancy submitting a pull request of course. I imagine this feature being a simple tick box option myself.

[FroggyFlox]

@wiza , @TexasDex , @rayfoss , @phillxnet ,

I'd like to move forward with this but as I unfortunately do not have any OS X client, it is difficult for me to make sure the changes required are actually correct and appropriate. I would thus like to enlist your experience and help with that.

In order to keep things a little more simple and focused, I'm trying to first get the Samba portion right, and am thus thinking of leaving the share announcement part (done by Avahi) for later.

Thankfully, you all provided a lot of very helpful resources, so I tried to combine them with the Apple documentation (linked above by @phillxnet), the Samba wiki, and more importantly the vfs fruit manpage. This leads me to the following configuration that I would like to submit to you for feedback and possibly testing.

I thus gathered the following:

Global section

[Global]
# https://developer.apple.com/library/archive/releasenotes/NetworkingInternetWeb/Time_Machine_SMB_Spec/
min protocol = SMB3

fruit:model = MacSamba
fruit:aapl = yes

Share configuration

Let's set a share called TimeMachineBackup that will be used for that.

[TimeMachineBackup]
vfs objects = catia fruit streams_xattr
fruit:time machine = yes
fruit:metadata = stream
fruit:veto_appledouble = no
fruit:posix_rename = yes 
fruit:wipe_intentionally_left_blank_rfork = yes 
fruit:delete_empty_adfiles = yes 
fruit:encoding = private
fruit:locking = none
fruit:resource = file

As can see, a lot of these are the same as default settings for the fruit vfs module, but I still explicitly detail them here to make sure of it (and also for subject to debate if needed).

Of note here, is the following:

min protocol = SMB3

As mentioned, it is based on Apple's documentation that reads:

Time Machine is a technology for backing up computers to local and network volumes. This document describes the requirements for SMB servers to support Time Machine backups. These requirements are as follows:

• SMB protocol version 3.x, including SMB 3.x signing

We should be fine forcing SMB3, but as I don't have much experience in this, I wanted to make sure this was in fact necessary for Time Machine (it may automatically try to use SMB3 by itself without us specifying it in the conf, which I believe is the right way to go if that's the case), and also no too restrictive for other situations.

If you were to test this, I would, of course, recommend doing so in a non-production environment and make a backup copy of your current smb.conf file (located at /etc/samba/smb.conf). All these settings can be added and removed from Rockstor webUI directly:

• for the [global] section settings, simply add it to the custom global options text area when configuring the Samba service ("Services" page).
• for the per share settings, create a new share to be used for Time Machine test, and when exporting it via Samba, add the options listed below in the custom options text area.

Thanks to all of you for all the information you already provided; these were very helpful for me as I "only" had to put all these recommendations together with the different manpages.

[FroggyFlox]

@wiza , @TexasDex , @rayfoss , @legbandj, @phillxnet,

I've made further progress on this, and now have a branch with working front-end and back-end logic, but we would still need to verify the samba settings to make sure they work as intended. Moreover, I also now have a corresponding avahi service file which should take care of advertising the Time Machine-enabled shares.

I will summarize the settings below for a share named TimeMachine:

Samba

/etc/samba/smb.conf

[TimeMachine]
vfs objects = catia fruit streams_xattr
fruit:timemachine = yes
fruit:metadata = stream
fruit:veto_appledouble = no
fruit:posix_rename = no
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
fruit:encoding = private
fruit:locking = none
fruit:resource = file

Avahi

/etc/avahi/services/timemachine.service

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name replace-wildcards="yes">%h</name>
 <service>
   <type>_smb._tcp</type>
   <port>445</port>
 </service>
 <service>
   <type>_adisk._tcp</type>
   <txt-record>sys=waMa=0,adVF=0x100</txt-record>
   <txt-record>dk0=adVN=TimeMachine,adVF=0x82</txt-record>
 </service>
</service-group>

As listed above, it would extremely helpful if some you could could compare this with your currently working config files, or even give these settings a try. It would allow us to finally support Time Machine via Samba "out-of-the-box" with a simple checkbox in the UI.

Thanks again a lot to all you for your constructive discussion above in this thread, and thanks in advance for any feedback you would have on these settings!