Monday, March 15, 2010

Setting up a Time Machine server on Ubuntu 9.10 or 10.04

After looking at several websites, most notably kremalicious and bob's notepad, I finally figured out the easiest way to set up my Ubuntu 9.10 server as a Time Machine server today. The older methods no longer apply when using netatalk 2.0.5.

This new, easy way uses netatalk 2.0.5, which has a new "timemachine" volume option (options:tm). Unlike previous versions, this version does not need to be recompiled with "ssl" support because it uses a new library (uams_dhx2). This library allows me to log in from both of my Mac computers, running 10.5.8 and 10.6.2.
aleem@sidi-desktop:~$ ps -ef | grep afpd
root 25883 1 0 01:38 ? 00:00:00 /usr/sbin/afpd -U uams_dhx2.so,uams_clrtxt.so -g nobody -c 50 -n sidi-desktop
Here is how to do it.

Install and Configure Netatalk

If you are using Ubuntu 9.10, like I am, then you need to get and install the following 3 packages from packages.debian.org, in this order. Ignore the message from the package installer that tells you there is an older version in the repository that is recommended.

libdb4.8
libgcrypt11
netatalk2.0.5

If you are using Ubuntu 10.04, just open up synaptic package manager, and download/install the netatalk package. It's that simple.

That's basically it. Keep /etc/default/netatalk and /etc/netatalk/afpd.conf at their defaults. The only file that has to be changed is /etc/netatalk/AppleVolumes.default. My files look like this (important bits shown):

/etc/default/netatalk:

Notice that #AFPD_UAMLIST is commented out (default)
Notice that AFPD_RUN=yes
# specify this if you don't want dhx and dhx2
# available options: uams_guest.so, uams_clrtxt.so,
# uams_dhx.so, uams_dhx2.so,
# uams_randnum.so
#AFPD_UAMLIST="-U uams_dhx2.so,uams_clrtxt.so"

# Change this to set the id of the guest user
AFPD_GUEST=nobody
# Set which daemons to run (papd is dependent upon atalkd):
ATALKD_RUN=no

PAPD_RUN=no

CNID_METAD_RUN=no

AFPD_RUN=yes

TIMELORD_RUN=no
A2BOOT_RUN=no
/etc/netatalk/afpd.conf:

Leave the last line commented out (which is how it is if you didn't touch anything).
Basically everything in this file is commented out
# - -transall -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
/etc/netatalk/AppleVolumes.default:

In my case, I created a brand new partition called /TimeMachine on my Ubuntu linux server. You can specify any directory on your linux box as long as everyone has read/write permissions on it.
# By default all users have access to their home directories.
#~/ "Home Directory"
/TimeMachine "TimeMachine" options:tm
You can replace /TimeMachine with a directory in your home drive, for example:
/home/aleem/TimeMachine "TimeMachine" options:tm
The important bit here is the "options:tm" part. Other than that, nothing else needs to be specified.

Also make sure everyone has read/write permissions to the directory you are sharing:
aleem@sidi-desktop:/$ ls -la | grep TimeM
drwxrwxrwx 10 root root 4096 2010-03-15 13:43 TimeMachine
In order to have read/write permissions to the directory you need to do:
aleem@sidi-desktop:/$ sudo chmod a+rw /TimeMachine
(or /home/aleem/TimeMachine, whatever you decided was your directory)

In case you're interested, the filesystem on which my TimeMachine directory lies is formatted ext3.

After modifying this file (AppleVolumes.default), just restart netatalk:
aleem@sidi-desktop:/$ sudo /etc/init.d/netatalk restart
You should see the afpd daemon running at this point:
aleem@sidi-desktop:/$ ps -ef | grep afpd
root 25883 1 0 01:38 ? 00:00:00 /usr/sbin/afpd -U uams_dhx2.so,uams_clrtxt.so -g nobody -c 50 -n sidi-desktop
If all is good at this point, you should be able to go on any Mac on your network and connect to the directory that you shared.

Do this by opening a Finder window and selecting "Go, Connect to Server...". Under "Server Address" you should put in the IP of your Linux server:

In my case:

Server Address: afp://192.168.2.11

Finder should ask you to log in. Use the login name of any valid user on your Linux box. This is the username/password you use to log into your Ubuntu session.

If everything worked out well, you should be seeing the contents of your empty TimeMachine directory on your mac. Check to see you can create a file in this directory (to make sure you have read/write permissions).

If you were not able to log in (your Mac told you your username/password were wrong, or something else happened), look in /var/log/daemon.log on your Linux server. There are often very useful debug messages at the bottom of this file.
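The ps line above shows afpd loading uams_clrtxt.so (passwords sent in cleartext) next to uams_dhx2.so, and the shared directory is world-writable. The script below is an added example, not part of the original post, that checks a server for both; the function names are made up for illustration and the demo input is constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the netatalk setup above.

# Print UAMs from an afpd command line (-U list) that weaken authentication:
# uams_clrtxt.so sends the password in cleartext, uams_guest.so allows guests.
weak_uams() {
    printf '%s\n' "$1" | tr -s ' ' '\n' | awk '
        prev == "-U" {
            n = split($0, u, ",")
            for (i = 1; i <= n; i++)
                if (u[i] == "uams_clrtxt.so" || u[i] == "uams_guest.so") print u[i]
        }
        { prev = $0 }'
}

# Print the path of every volume that carries the tm option in an
# AppleVolumes.default file (assumes paths without spaces, as in the post).
tm_volumes() {
    awk '!/^[ \t]*#/ && /options:([^ \t]*,)?tm(,|[ \t]|$)/ { print $1 }' "$1"
}

# Succeed if the directory is writable by "other" (for example drwxrwxrwx).
world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# Report findings, one per line; return 1 if there are any, 0 if clean.
# On a server: audit "$(ps -eo args | grep '[a]fpd')" /etc/netatalk/AppleVolumes.default
audit() {  # $1 = afpd command line, $2 = AppleVolumes.default
    findings=0
    for u in $(weak_uams "$1"); do
        echo "afpd offers $u"; findings=1
    done
    for v in $(tm_volumes "$2"); do
        if world_writable "$v"; then echo "$v is world-writable"; findings=1; fi
    done
    return "$findings"
}

# Demo on constructed input that mirrors the ps line and volume entry above.
demo() {
    d=$(mktemp -d) && mkdir "$d/TimeMachine" && chmod a+rwx "$d/TimeMachine"
    printf '%s "TimeMachine" options:tm\n' "$d/TimeMachine" > "$d/vols"
    audit '/usr/sbin/afpd -U uams_dhx2.so,uams_clrtxt.so -g nobody -c 50' "$d/vols"
    rc=$?; rm -rf "$d"; return "$rc"
}
demo || true
```

A clean run needs afpd started with only uams_dhx2.so (for example through the AFPD_UAMLIST line in /etc/default/netatalk) and a share directory that is writable by the backup users' group rather than by everyone.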

Configure Avahi

The next step is to make the share show up on the side of your Mac Finder windows under "SHARED", so that you don't have to go and select "Go, Connect to Server..." as we did above.

If all your packages are up to date on Ubuntu 9.10, avahi is already installed. All you have to do is create a file called /etc/avahi/services/afpd.service with the following contents.

(taken straight out of this article)
aleem@sidi-desktop:/etc/avahi/services$ sudo gedit afpd.service
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_afpovertcp._tcp</type>
    <port>548</port>
  </service>
  <service>
    <type>_device-info._tcp</type>
    <port>0</port>
    <txt-record>model=Xserve</txt-record>
  </service>
</service-group>
There is no need to restart avahi at this point; your server should automatically pop up on the left-hand side of your Mac Finder window. In my case it's called "sidi-desktop".


Make your Mac Use Network Volumes for Time Machine Backups

At some point it was important to run this command on your Mac using Terminal (Applications, Utilities, Terminal). However with the "options:tm" specified above, this is no longer necessary.
[aleems-mac-mini: ~] aleem% defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
(no longer need to type this in Terminal)
Open up Time Machine Preferences on your Mac and Select your TimeMachine volume to back up

So that's it! Nothing more. Now you can go to your Time Machine settings on the Mac, and your TimeMachine share should show up. If it doesn't, make sure it is mounted in Finder (i.e. it appears with an eject symbol next to it on the left side of the Finder window under SHARED).


Have fun backing things up.

33 comments:

  1. All tricks I've read about network TimeMachine were using disc images, with big performance issues when growing, is this different?

  2. Taken from another blog:
    "The technical reason why Apple limits Time Machine to 10.5 AFP volumes appears to be to prevent disk image corruption. There were additional features added to AFP in 10.5 to support Time Machine. These presumably allow the disk image engine to force disk image journal data to write out all the way to the disk. Without such features, a network interruption can result in a corrupted filesystem on the disk image despite journaling. Remember, journaling relies on the journal being written all the way to disk before the changes take place. If you can't guarantee that (e.g., because of network/NAS buffering) then the journal is useless. Time Machine appears to rely heavily on disk journaling to deal with network drop-outs, interrupted backups, and the like. Take this away and your data is at risk.

    "If the NAS you are using supports these features it should report them to the OS and you should natively be able to choose that volume. If you have to trick the OS to use the volume it means the NAS does not support it.

    To summarize: if you care about your backup data you should avoid using non-natively supported AFP servers"

    I guess with options:tm this enables your afp volume to support the additional features required by afp in 10.5 to support time machine. The tricks that were used before were to get around this.

    Short answer -- if you are using netatalk 2.0.5, and options:tm in your AppleVolumes.default file, no need to do any tricks.

  3. I have also not had any performance issues yet, my disk images are 60G and 80G for each of my macs.

    Time will tell if this will become a problem.

  4. All this is really great, thanks a lot for the answer on the trick stuff.

  5. Thanks it is a very useful article

  6. Thanks! This is the only up to date guide I could find, and it works! :D

  7. I got an update regarding time machine yesterday, and now Time Machine no longer works for me on AFP nor SMB. Anyone in the same situation ?

  8. Hello Anonymous, did you try the suggestion in this article (repairing your remote sparsebundle using disk utility?)
    http://discussions.apple.com/thread.jspa?threadID=2397939&tstart=1

  9. In Lucid Lynx the right version of netatalk is in the repos. Just apt-get install netatalk. You still need to edit the conf like above obviously.

    Once installed, if the volume was previously shared, you need to remove the .AppleDesktop .AppleDouble and .AppleDB folders before you can connect again via osx.

    If you had a time machine volume on there you may need to go back into time machine and select the backup volume again, but it found it and resumed like nothing ever happened for me.

  10. Anonymous.. I have all the latest updates to time machine and there is nothing broken for me. I think your sparsebundle might be corrupted.

  11. Great! Thanks for the update- had been working from kremalicious's notes, but this 2010 update with the comments for Netatalk 2.0.5 is just the trick! Cheers :)

  12. Hi, I have Ubuntu 8.04 computer, and iMac 10.5.8. Can you explain how to do this Time Machine fix on Ubuntu 8.04? I am very new to Linux. Right now, Ubuntu 8.04 computer is on home network using smb only. I need to be able to have Time Machine on iMac do backups to Ubuntu 8.04 computer. Thanks

  13. Hi again, I re-tried this and can't get it to let me log on with "go to server", I went to the daemon log like you suggested and here is what it says. Can you help me figure this out?

    Sep 6 01:25:18 www winbindd[5398]: Possible deadlock: Trying to lookup SID S-1-22-1-65534 with passdb backend
    Sep 6 01:25:18 www winbindd[5398]: [2010/09/06 01:25:18, 0] nsswitch/winbindd_passdb.c:sid_to_name(130)
    Sep 6 01:25:18 www winbindd[5398]: Possible deadlock: Trying to lookup SID S-1-1-0 with passdb backend
    Sep 6 01:25:18 www winbindd[5398]: [2010/09/06 01:25:18, 0] nsswitch/winbindd_passdb.c:sid_to_name(130)
    Sep 6 01:25:18 www winbindd[5398]: Possible deadlock: Trying to lookup SID S-1-5-2 with passdb backend
    Sep 6 01:25:29 www winbindd[6311]: [2010/09/06 01:25:29, 0] nsswitch/idmap.c:idmap_alloc_init(750)
    Sep 6 01:25:29 www winbindd[6311]: ERROR: Initialization failed for alloc backend, deferred!
    Sep 6 01:25:29 www winbindd[6311]: [2010/09/06 01:25:29, 0] nsswitch/idmap.c:idmap_alloc_init(750)
    Sep 6 01:25:29 www winbindd[6311]: ERROR: Initialization failed for alloc backend, deferred!
    Sep 6 01:25:29 www winbindd[5398]: [2010/09/06 01:25:29, 0] nsswitch/winbindd_passdb.c:sid_to_name(130)
    Sep 6 01:25:29 www winbindd[5398]: Possible deadlock: Trying to lookup SID S-1-22-1-65534 with passdb backend
    Sep 6 01:25:29 www winbindd[5398]: [2010/09/06 01:25:29, 0] nsswitch/winbindd_passdb.c:sid_to_name(130)
    Sep 6 01:25:29 www winbindd[5398]: Possible deadlock: Trying to lookup SID S-1-1-0 with passdb backend
    Sep 6 01:25:29 www winbindd[5398]: [2010/09/06 01:25:29, 0] nsswitch/winbindd_passdb.c:sid_to_name(130)
    Sep 6 01:25:29 www winbindd[5398]: Possible deadlock: Trying to lookup SID S-1-5-2 with passdb backend

  14. Hi Anonymous,

    I haven't tried it yet on 8.04.. I am just getting back from vacation. I will take a look and let you know.

    cheers,
    Aleem.

  15. This is great, thank-you. Just did it on my lucid 10.04 install and it worked a charm - just as tranqy said above, it works without installing anything before "sudo apt-get install netatalk". After that follow the config instructions and you're off to the races.

    Thanks,

    Simon

  16. Dear Anonymous using 8.04, what is the output of the command :

    % ps -ef | grep afpd

    on your server?

  17. I tried a couple of times to set it up and it would not work, but once I stopped the UFW (firewall) everything started to work. Question is what are the ports that are preventing this to work.

  18. Lucian: I just looked this up on the web.. I haven't tried it. But according to the apple support website I think AFP is TCP port 548:

    Well known TCP and UDP ports used by Apple software products

    http://webcache.googleusercontent.com/search?q=cache:gtrTktHmW90J:support.apple.com/kb/ts1629+afp+ports&cd=1&hl=en&ct=clnk&client=ubuntu

  19. Worked great! No more recompiling netatalk with ssl woo hoo!

  20. Thanks! Works great and seems to be faster than smb!

  21. "If you are using Ubuntu 10.04, just open up synaptic package manager, and download/install the netatalk package. Its that simple."

    That doesn't install 2.0.5 - which for some reason appears to be missing from everywhere (including the link you provide).

  22. Hi Anonymous-having-problems-installing-2.0.5:

    Are you sure you have Ubuntu 10.04.. In synaptic for me, the most recent version of netatalk from the repos is 2.0.5-3. All this comes from the repositories, so it should show you the same unless you have added some other 3rd party repos

  23. thanks for telling me about the dead link. I will change it..

  24. Update... It looks like the package has been removed from the debian ftp site and replaced with version 2.1.4 here:
    http://ftp.us.debian.org/debian/pool/main/n/netatalk/netatalk_2.1.4-1_i386.deb
    I have not yet tried to install it, but you may have some other dependencies to install. If anyone is successful at installing this package let me know and I will change the links at the top of this page to point to the new packages.

  25. I think you should add the _adisk._tcp service to your Avahi entries. That way you don't have to mount the share before Time Machine can see it.

    Apple documents part of that record with their document "Time Machine Network Interface Specification"
    http://developer.apple.com/library/mac/#documentation/NetworkingInternetWeb/Conceptual/TimeMachineNetworkInterfaceSpecification/TimeMachineRequirements/TimeMachineRequirements.html#//apple_ref/doc/uid/TP40008951-CH100-SW1

  26. Update.. I have put back the packages for the 9.10 installation instructions.

    Should work beautifully again.

    Anonymous, thanks for your suggestion. I think I have tried adding this service (_adisk_.tcp), but in order to do it, and in order for it to work, from what I remember, I think the computer running the netatalk service has to be connected to the clients in such a way that they can see its MAC address. In my case this doesn't work because I am connected through a router. I think if I made my linux server a dhcp server, and assigned my clients IP addresses using it, then this would work. I was never able to get it to work any other way.

  27. thank you for such a useful article. I really enjoyed it till the last. I tried it and it worked great for me...thanks a ton :)

  28. Thanks for a great article! I set up my server to be used as a time machine backup using this guide and the latest version of netatalk, and it is working great.

    I will add that my server shows up as a "computer" in finder, not an ejectable disk like you show, but that doesn't seem to affect time machine.

  31. Pretty great post. I just stumbled upon your weblog and wanted to say that I've really enjoyed surfing around your blog posts. After all I will be subscribing for your feed and I'm hoping you write again very soon!
