Multi-user Time Machine purpose

[pedz]

Search finds a nice thread on this topic but it references something that is gone. So... To start... I'm new to TrueNAS.

I created a Data set with nothing funny. Called it time_machine. It is case sensitive.

I created an SMP share and with Purpose I put Multi-user Time Machine. It then asks me to fiddle with the ACLs and I used the Home preset.

Now, when I go to my Mac and try to use it as my Time Machine Backup, it says "The selected network backup disk does not support the required capabilities."

I can mount it and move data into it and the data goes into the .../time_machine/pedz (my id) directory.

 

[pedz]

I’m too new to fully understand all the implications but here is what I found.

First, this seems to be a very common problem and started with 10.12. I never found a “this is the solution” post.

I created a new Dataset called Temp and gave it a quote for the Dataset and its children. This seems to be a common theme in many of the user reports and debugging. I then created an AFP share (skipping the warning) and clicked the Time Machine box. I wasn’t keeping notes but as I recall, that is all I did and it worked.

I kept trying to get the existing time_machine Dataset and SMP share to work by adding quotas on the Dataset as well as for the people but it never would work.

I deleted the Temp and time_machine Dataset which deleted the matching shares and started again from scratch. Created the Dataset called time_machine and gave it a 2T quota for it and its children. Then created an SMP share with Multi-user Time Machine purpose. I looked at the advanced options but I’m 99% sure I didn’t change anything. When I click save it then has a pop up asking if I want to set up the ACLs. Last time I set up the ACLs, hit the HOME preset, and perhaps did other things but I don’t think so. This time I just hit cancel. The share shows it is set to Default.

The Mac is now happy using it as the time machine backup.

One option I thought about changing was the %U. That’s really cool feature. I thought about changing it to something with the user and Hostname but I didn’t.

Curiously, the share does NOT show up on my desktop. I guess macOS sees that it is a time machine backup and so doesn’t display it.

I hope this helps others…

 

[artlessknave]

HOME preset

I would think that would lock down the permissions, and that you probably only want HOME for actual home directories (my docs on windows, I dont know what it translates to on mac)
I didnt notice that earlier. i read it, but that didn't register.
%U as well would mainly be for user directories I believe.
I dont use macos, so im not sure how, exactly, timemachine actually works, but it would definitely need write access to ...write to such a share

 

[awasb]

Applies to TN12 CORE. Never tried SCALE.

[1] Create dataset (generic share type).
[2] Add user/s (i prefer one user for each mac client using the client's machine name as the user and another additional one, a general Time Machine account for the "mother dataset"; that one master user would be enough, if you just got one machine to backup); the defaults are ok, since they are "smb only".
[3] Add smb-share and choose purpose "Multi-user time machine".
[4] Configure ACL by choosing "Default ACL" -> "RESTRICTED".
[5] Assign the file ownership (upper half to the left) to the master user (and group), you just created. Don't forget to select "apply user" and "apply group" beneath the drop down menu.
[6] Activate mDNS under Network -> Global Config -> "Service Announcement".
[7] Add your new backup target on your mac(s).

The time machine bundles will appear as child data sets - per user - right under your general time machine dataset. (And just because they get created per user, i use machine names for users on the truenas side.)

 

[nathan47]

Thank you, these instructions worked for me. I think step 1 is the critical step, I had been trying with an SMB data set and failing.

 

[pedz]

[1] Create dataset (general type).

“Generic” ??? For share type? I don’t see “general” anywhere. Sorry.

 

[awasb]

I am the one to say sorry. „Generic“ is the correct option for the dataset/share type I‘ll edit the above post.

 

[backdoc]

[1] Create dataset (generic share type).
[2] Add user/s (i prefer one user for each mac client using the client's machine name as the user and another additional one, a general Time Machine account for the "mother dataset"; that one master user would be enough, if you just got one machine to backup); the defaults are ok, since they are "smb only".
[3] Add smb-share and choose purpose "Multi-user time machine".
[4] Configure ACL by choosing "Default ACL" -> "RESTRICTED".
[5] Assign the file ownership (upper half to the left) to the master user (and group), you just created. Don't forget to select "apply user" and "apply group" beneath the drop down menu.
[6] Activate mDNS under Network -> Global Config -> "Service Announcement".
[7] Add your new backup target on your mac(s).

The time machine bundles will appear as child data sets - per user - right under your general time machine dataset. (And just because they get created per user, i use machine names for users on the truenas side.)

I tried following this in SCALE 22.02. It may have been me, but this didn't work for me until I followed this suggestion and marked it as a Time Machine share.

 

[awasb]

The above mentioned steps apply to CORE. I’m not using SCALE.

 

[backdoc]

(your post)(your post)The above mentioned steps apply to CORE. I’m not using SCALE.

Okay. I didn’t blame you. Someone linked directly to (this post) and I didn’t notice anything that said these were CORE specific steps. Nevertheless, I would have imagined that the GUI options for Time Machine shares would be pretty similar. My comment might help someone else in the same position as me.

 

[pedz]

For all: @awasb's suggestion with the several steps worked for me (using Generic instead of General). It took me a few tries because I kept missing some subtleties.

One thing that wasn't obvious to me is when the user connects from his Mac to the Time Machine Dataset, they authenticate using the user that is the host name. E.g. If I'm pedz with a host called Frog, the suggestion is I create user credentials on the NAS of Frog and when connecting to via Time Machine, I use the Frog credentials and not pedz. It's one of those things that after you figure it out it's obvious.

Thank you to all...

 

[mberi]

For what it's worth, I faced the same issue when setting up my NAS recently.

I was initially trying to make sure everything works as required on a Test pool and I got the same error message. I had not used the "Generic" share type for this dataset. After fiddling around, I figured that providing "sudo" permission to the Time Machine users fixed the issue for me. (In my case since it's just a home NAS, I'm not too concerned about giving sudo permissions to these users)

Later, however, while setting up my Main pool, I found a guide that mentioned setting the share type to "Generic" for the dataset and this time the Time Machine worked properly even without sudo permissions.

 

[Akshunhiro]

Found this thread as Time Machine had stopped working and wouldn't show up when trying to re-add.

It was resolved by toggling off mDNS under Network > Global Configuration > Service Announcement.

Once I toggled it back on and hit save, my Time Machine share appeared and started working again.

I'm on TrueNAS CORE 12.0-U8

 

[gdarends]

Applies to TN12 CORE. Never tried SCALE.

[1] Create dataset (generic share type).
[2] Add user/s (i prefer one user for each mac client using the client's machine name as the user and another additional one, a general Time Machine account for the "mother dataset"; that one master user would be enough, if you just got one machine to backup); the defaults are ok, since they are "smb only".
[3] Add smb-share and choose purpose "Multi-user time machine".
[4] Configure ACL by choosing "Default ACL" -> "RESTRICTED".
[5] Assign the file ownership (upper half to the left) to the master user (and group), you just created. Don't forget to select "apply user" and "apply group" beneath the drop down menu.
[6] Activate mDNS under Network -> Global Config -> "Service Announcement".
[7] Add your new backup target on your mac(s).

The time machine bundles will appear as child data sets - per user - right under your general time machine dataset. (And just because they get created per user, i use machine names for users on the truenas side.)

This worked for me on SCALE. Had to reboot the machine, and also the ACL when I first saved it for some reason it didn't stick. Worked the second time.

 

[johnlocke]

Assign the file ownership (upper half to the left) to the master user (and group), you just created

Hi.

By "master" you refer to which one, please?
a) "using the client's machine name as the user"
b) a general Time Machine account for the "mother dataset"

 

[awasb]

Single client: b)
Multi client: a) with multiple (sub)datasets, one per machine, each with machine specific ACLs (user name = client machine name).

 

[r2tincan]

I am having some trouble. I followed the original steps in awasb's post but it seems like it's still not working. My mac sees the Time Machine backup successfully and can connect, and then I get an error that "The selected backup disk does not support the required capabilities."

I did the following:

1. Created a time_machine dataset (generic share type, changed no options)
2. Created a time machine master user (timemm) with group (timemm) with home directory as time_machine dataset
3. Created a time machine user for my laptop (timem1) with group (timem1) and also inserted him into group (timemm) with nonexistant home directory
4. Added a SMB share with multi-user time machine
5. Changed the ACL on the time_machine to restricted, and the ownership to timemm
6. Tried to connect to the time machine with timem1, it did, and created the timem1 directory under time_machine, but got the error about capabilities

mDNS is on

What am I doing wrong?

 

[awasb]

Changed the ACL on the time_machine to restricted, and the ownership to timemm

I'd start over with a new share. Make a new dataset within your pool. Create one useraccount with identical group. Set ACLs to that user/machine. Create a share. If it works, create another share for another user/machine. Don't forget to check for "old" mounts on your macs. (And unmount if necessary before adding a new TM Volume.)

 

[humanv09]

Applies to TN12 CORE. Never tried SCALE.

[1] Create dataset (generic share type).
[2] Add user/s (i prefer one user for each mac client using the client's machine name as the user and another additional one, a general Time Machine account for the "mother dataset"; that one master user would be enough, if you just got one machine to backup); the defaults are ok, since they are "smb only".
[3] Add smb-share and choose purpose "Multi-user time machine".
[4] Configure ACL by choosing "Default ACL" -> "RESTRICTED".
[5] Assign the file ownership (upper half to the left) to the master user (and group), you just created. Don't forget to select "apply user" and "apply group" beneath the drop down menu.
[6] Activate mDNS under Network -> Global Config -> "Service Announcement".
[7] Add your new backup target on your mac(s).

The time machine bundles will appear as child data sets - per user - right under your general time machine dataset. (And just because they get created per user, i use machine names for users on the truenas side.)

I'm a newbie so perhaps that's why these exact instructions did not work for me in TrueNAS-13.0-U3.1 Core. I had to make 2 changes and I'm posting them here in case they are of help to others.

- In step 2 all time machine users MUST be in the same group, I created a new group for the TM master user and used that group for all the other TM users. By default, a new group is created for every new user so this is one additional change that must be done when creating the user.
- In step 4, I had to change the permissions for "group@" to Full Control from Modify when using the RESTRICTED template.

Without these changes, my Macs (tested on Big Sur and Monterey) were not able to connect to the Time Machine disk in step 7. The error returned was "Time Machine can't connect to the backup disk. There was an error authenticating with the provided username or password".

Appreciate any feedback if I missed something obvious. The original instructions were extremely helpful since TrueNAS documentation doesn't appear to have anything relating to this process.

cheers,

/human

 

[awasb]

They do not need to share the group, _if_ you create separate datasets for each machine. (Which I'd highly recommend.)

/mnt/data/prod [=production root]

within separate datasets: mac1, mac2, mac3 and so forth. The clients backup to those individual datasets as per machine shares. Each client creating its own sub-dataset (and sparse bundle within).