Using Linux or Windows as a Time Machine network server
Samba, in its simplest form, is a program for Linux, FreeBSD, Windows (via WSL), etc. that enables you to share storage attached to a server with any other device in the network. It uses the SMB protocol, originally a proprietary protocol designed by Microsoft for sharing files between a Windows server and workstation. Nowadays, SMB is the standard protocol regardless of operating system.
macOS’s amazing Time Machine feature can make backups either to a local drive (whether connected externally or internally), or to a network share. Unfortunately, the way Apple has implemented it, not just any network share can be used — the server has to mark it as a Time Machine-capable share.
The Samba project recently merged the support necessary for macOS to “see” an SMB shared folder as capable of being a network Time Machine share. That’s the good news. The bad news is that your favorite Linux distro probably doesn’t have this version (4.8.0) and likely won’t until the distro’s next major release.
Until that time, you’ll need to build Samba from source. Skip past this section if your distro already comes with Samba 4.8.0 or newer. Ubuntu 18.10 and Debian Buster do have 4.8.x.
Start by downloading the latest version of the Samba source.
mkdir ~/build cd ~/build wget --content-disposition https://github.com/samba-team/samba/archive/samba-4.9.2.tar.gz tar -xf samba-samba-*.tar.gz cd samba-samba-*/ Before we build, install the build dependencies, and (if needed) uninstall the currently installed copy of Samba. This, of course, varies based on the package manager your distro uses. Here is how it would be done with Debian or Ubuntu:
sudo apt remove samba sudo apt autoremove # (clear out the now-unused Samba dependencies) sudo apt install build-essential avahi-daemon tracker libtracker-sparql-1.0-dev sudo apt build-dep samba Now we can build and install:
DEB_HOST_MULTIARCH=$(dpkg-architecture -qDEB_HOST_MULTIARCH) ./configure \ --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc \ --localstatedir=/var --libdir=/usr/lib/$DEB_HOST_MULTIARCH \ --with-privatedir=/var/lib/samba/private \ --with-smbpasswd-file=/etc/samba/smbpasswd \ --enable-fhs --enable-spotlight --with-systemd make -j$(nproc) sudo make install sudo cp bin/default/packaging/systemd/*.service /lib/systemd/system sudo systemctl daemon-reload sudo systemctl enable nmb,smb,winbind>.service sudo systemctl start nmb,smb,winbind>.service Again, this is pretty specific to Debian/Ubuntu. $DEB_HOST_MULTIARCH is, for instance, x86_64-linux-gnu on a 64-bit PC, or aarch64-linux-gnu on a Raspberry Pi 3. If you’re not on a systemd-based distro, remove —with-systemd , and replace the last few systemd-related lines with calls to the init scripts:
for i in nmb smb winbind; do sudo /etc/init.d/$i start; done Newer distros (at least the case with Ubuntu 17.10) may have libtracker-sparql version 2 rather than 1. It doesn’t seem Samba’s Spotlight feature supports version 2 yet, so just remove —enable-spotlight in this case.
Hopefully, you’ll now have your own copy of Samba built and running. Disconnect and reconnect to your shares on your Mac to double-check that it’s working fine.
You’ll need to do some additional work to set up Tracker, the search backend. (I really wish this part were much easier.)
A Time Machine share is for the most part no different from any other share. The five parts required to enable Time Machine support are:
- The fruit module, which provides Apple’s proprietary extensions to SMB,
- The catia module, which maps the encoding of filenames that macOS expects to a form most native Linux filesystems can support,
- The streams_xattr module, which maps macOS’s extended attributes to a separate AppleDouble file,
- Optionally, the spotlight module, which builds a Spotlight search index on the server to speed up discovery of files in the backup, and
- Avahi, a multicast (aka Bonjour) daemon for Linux, used here to allow Macs on the network to discover the Time Machine share.
Importantly, Avahi support is intentionally disabled in Debian and Ubuntu’s builds of Samba, and Spotlight support is not enabled. These are both features you can live without; you can manually configure Avahi to advertise the services, and a Spotlight index is recommended but entirely optional. Since we’re building from source here, we’ll just pick the easier option of having them both enabled for us.
Edit /etc/samba/smb.conf (this assumes you already have one or understand how to create one), and fill in the details for your Time Machine share:
[timemachine] comment = Time Machine path = /data/backup/timemachine browseable = yes writeable = yes create mask = 0600 directory mask = 0700 spotlight = yes vfs objects = catia fruit streams_xattr fruit:aapl = yes fruit:time machine = yes - Defines a share called timemachine ,
- Sets its location on the server to /data/backup/timemachine (you should change this to suit your setup),
- Enables authorised users to read and write to it,
- Sets tight file and directory permissions so only the original owner can access their own files,
- Enables Spotlight indexing on the share,
- Enables the VFS modules that were discussed above, and
- Enables the Apple extensions, and instructs fruit to set the Time Machine flag on the share.
Save this, and create the directory you specified. After restarting smbd as per usual ( sudo systemctl smb restart or sudo /etc/init.d/smb restart ), open Finder on a Mac. As long as no firewall is blocking it, in the Shared section of the sidebar, you’ll see your server’s hostname.
This is one part of the Avahi functionality — any device that supports multicast discovery (mostly Macs, but other devices can too) will now discover the server while performing a search for SMB services on the network. The second part is the ability for the Time Machine preferences pane to list it as an available destination for backing up to.
In the Time Machine pane of System Preferences, click “Select Disk…”. The share will appear. Select it, enter your password, and it’ll instantly begin making an initial backup to it.
If the share doesn’t appear due to a firewall blocking multicast packets, or because the server is external to your network, you can force it to be used anyway by running the following in Terminal on the Mac:
This will force Time Machine to connect to the specified server hostname or IP, using the specified username ( kirb ) and password ( mypassw0rd ), and back up to the specified share. The share still needs to have the Apple extensions enabled.
Using this method, you could store your Time Machine backup offsite on a server located in a datacenter or colocation service. (Personally, I prefer this job to be handled by Backblaze 1 , alongside Time Machine for local backup.)
I’ve been running this for a few days and so far the only trouble I’ve had is that Time Machine will compare the size of the backup to the available space reported by the server, but as you can see in the above screenshot, ZFS indicates far less than the actual capacity I have available (4 TB). The only workaround I’ve found is to make a first backup with some larger directories excluded, which will make ZFS eventually indicate more space is available. Then, remove those exclusions, and on the next backup it will work fine.
To make the most of your available space, you might consider enabling compression at the filesystem level. ZFS supports this. I created my backup volume like so:
sudo zfs create meteor/backup -o mountpoint=/data/backup -o compression=on -o quota=2T This mounts the volume at /data/backup, enables compression, and ensures this volume can’t grow larger than 2 TB (so that the other 2 TB remains available for my own storage). This, of course, expects your server to have a reasonably fast CPU with a reasonable number of cores so your backups and restores don’t become extremely slow while the server produces large amounts of heat. Any Core i3/i5/i7 server is probably perfectly fine, but decide for yourself what you’re comfortable with.
By the way, if you have a Mac running macOS High Sierra or newer that you use as a server, you can now create a Time Machine share directly from the Sharing preferences pane, rather than having to buy and install macOS Server:
- Affiliate link, but surely you won’t mind me gaining $5 in credit for the hours I spent researching and writing this article? ↩
Timemachine to Linux Server
Here I document my setup of networked Time Machine backups to my linux server over Samba (SMB), which should be faster than AFS. The data is stored on a USB disk connected to the server formatted with zfs .
Ideally I would be able to backup over network, and unplug the disk from the server to directly restore from it, however the networked Time Machine backup is of different structure than a backup to a directly connected disk, so that’s still on the wishlist.
Setup
- ZFS to protect against bitrot (not sure if this works on encrypted disk images, but let’s try anyway) and because we can
- 2 MacOS clients, one will get 1.2TB quota (MacBook Pro, mbp), the other 0.3TB (MacBook Air, mba).
- 1 Ubuntu 20.04 LTS server
Installation
- Prepare disk
- Install ZFS on Ubuntu
- Partition disk – NB ensure you use static labels or else your pools might disappear! (If they did disappear, you debug sudo zdb , search sudo zpool import and import them again: zpool import -d /dev/disk/by-id )
blkid parted /dev/disk/by-id/ mklabel GPT qsudo zfs create pool0/timemachinembp sudo zfs set quota=1200G pool0/timemachinembp sudo zfs create pool0/timemachinemba sudo zfs set quota=300G pool0/timemachinemba zfs listsudo hd-idle -t disk/by-id/wwn-0x3e41415851524c4a # optionally test oncecat # TvW 20210313 Setting up hd-idle for USB disk HD_IDLE_OPTS="-i 0 -a disk/by-id/wwn-0x3e41415851524c4a -i 3600 -l /var/log/hd-idle.log" START_HD_IDLE=true EOF sudo service hd-idle start grep hd-idle /var/log/syslog(sudo crontab -l 2>/dev/null; echo "@reboot hd-idle -a disk/by-id/wwn-0x3e41415851524c4a -i 3600 -l /var/log/hd-idle.log";) | sudo crontab -cat /var/log/hd-idle.log missingok notifempty compress delaycompress > EOFsudo useradd --no-create-home --home-dir /pool0/timemachinembp --shell /usr/sbin/nologin backupmbp sudo useradd --no-create-home --home-dir /pool0/timemachinemba --shell /usr/sbin/nologin backupmbasudo chown backupmbp:backupmbp /pool0/timemachinembp sudo chown backupmba:backupmba /pool0/timemachinemba sudo chmod o-rx /pool0/timemachinembp,mba>openssl rand -base64 20 sudo smbpasswd -a backupmbp sudo smbpasswd -e backupmbp openssl rand -base64 20 sudo smbpasswd -a backupmba sudo smbpasswd -e backupmba[timemachinembp] comment = Time Machine MBP path = /pool0/timemachinembp valid users = backupmbp browseable = yes writeable = yes create mask = 0600 directory mask = 0700 spotlight = yes vfs objects = catia fruit streams_xattr fruit:aapl = yes fruit:time machine = yes [timemachinemba] comment = Time Machine MBA path = /pool0/timemachinemba valid users = backupmba browseable = yes writeable = yes create mask = 0600 directory mask = 0700 spotlight = yes vfs objects = catia fruit streams_xattr fruit:aapl = yes fruit:time machine = yesload printers = no printing = bsd printcap name = /dev/null disable spoolss = yessudo systemctl restart smbd tail -n 50 /var/log/samba/log.smbddaemon_ready: daemon 'smbd' finished starting up and ready to serve connectionszpool status sudo zpool import -c /etc/zfs/zpool.cache sudo zpool import sudo zpool import pool0 sudo zpool status sudo zfs umount pool0Configuration on Mac
- Create sparse encrypted disk image using Disk Utility on network (Samba) share, naming as NAME_MACADDRESS.sparsebundle (NAME from scutil —get ComputerName and MACADDRESS from ifconfig en0 | grep ether sans colons), with fixed size to constrain Time Machine disk use.
- Mount said disk image, store password in Keychain to allow MacOS Time Machine to mount/unmount by itself (maybe this is not necessary)
- Tell Time Machine to use the network volume: sudo tmutil setdestination -a /Volumes/
- Enter network share credentials & disk image password
If you accidentally delete the Time Machine destination
- Tell Time Machine to use the network volume again: sudo tmutil setdestination -a /Volumes/
- Tell Time Machine to use the existing backup.