TrueNAS and Timemachine - finally running

[Ruff.Hi]

I have been trying to set up a timemachine backup using FreeNAS FreeNAS-11.3-U5 and MacOS Catalina. There are quite a few sites talking about how to do this ... but the ball seems to be moving fairly constantly. Do I use SMB or AFP? What types of vfs options do I need.

I finally stumbled on a hint here ...

This looks like a permissions error. The account you are using for time machine will need sufficient rights to traverse to the root of the Share, and the ACL equivalent of "read|write|modify" for the share that is used as a time machine target.

... with the key being using an account that can get to the share and use the share. I had only set up the TM account to use the share. I also saw lots of issues with Catalina in google.

So ... installed TrueNAS 12.0 on my dev, upgraded the mac to Big Sur, swapped the TM dataset / share owner to my standard account ... and now the TM backup is running.

I am not happy with what I have (it is a bit of a mess of lots of different things that I am trying) but ... this is the dev machine so that doesn't matter.

I will try to set up a TM backup on my prod server (FreeNAS-11.3-U5) and see if I can get it running.

Edit: I would also like to see more documentation on the ins and outs of the PURPOSE options suppled under TrueNAS 12.0? I did google and found some pages that said what they were ... but that was about it.

 

[anodos]

SMB generally works fine. I provided the docs team with details about what all of the options are. The "purpose" dropdown is intended to provide some presets for different commonly-used configuration options (a sort of template overlay on the share).
"Private SMB Datasets and Shares" in this case adds a macro to the end of the share path "%U", which gets filled in with your username. "bob" connects to the share and ends up with "/mnt/DuffleBag/timem/bob". If "bob" doesn't exist, then samba will create a new ZFS dataset for "bob", calculate an inherited ACL from the parent ZFS dataset, and then apply it to bob's share. The same happens for "larry" when he connects to the share (ends up in his own dataset). The practical result of this is that "bob" can't touch larry's data and vice-versa, but you only have a single SMB share.

 

[Ruff.Hi]

Thanks for the comment. I tried multi-user TM first ... and it created a dataset for each user. That is overkill as some of the Free/TrueNAS users won't ever be on a mac (windows for them).

The bob and larry situation you describe above is exactly how I would like it to run ... a dataset created as and when required.

 

[anodos]

Thanks for the comment. I tried multi-user TM first ... and it created a dataset for each user. That is overkill as some of the Free/TrueNAS users won't ever be on a mac (windows for them).

The bob and larry situation you describe above is exactly how I would like it to run ... a dataset created as and when required.

Multi-User time machine shares is basically the same thing. The main difference with the "Time Machine" variant is that there is code to automatically snapshot the dataset in the vfs_disconnect() function of samba (to try to maintain snapshots of clean time machine state -- not mid-backup).

 

[Ruff.Hi]

My dev server is running TrueNAS 12 but my Prod server is running FreeNAS 11.3 U5 and that PURPOSE option isn't available on the 11.3 version. I guess I will need to use the vfs options.

I will look at my TrueNAS smb.conf file (I might have an old name here) (google tells me it is in /usr/local/etc/) to see what it is showing.

I think I also need to read https://www.samba.org/samba/docs/current/man-html/vfs_fruit.8.html

Who wants to read a whole bunch of SMB permission documentation over Christmas!

 

[anodos]

My dev server is running TrueNAS 12 but my Prod server is running FreeNAS 11.3 U5 and that PURPOSE option isn't available on the 11.3 version. I guess I will need to use the vfs options.

I will look at my TrueNAS smb.conf file (I might have an old name here) (google tells me it is in /usr/local/etc/) to see what it is showing.

I think I also need to read https://www.samba.org/samba/docs/current/man-html/vfs_fruit.8.html

Who wants to read a whole bunch of SMB permission documentation over Christmas!

PURPOSE isn't required for time machine share to work.
Steps for setting up time machine in 11.3-U5:
1) create user and make member of a group (for instance "tm_users")
2) create dataset for share (tank/tm)
3) grant "tm_users" group FULL_CONTROL of tank/tm through the ACL editor
4) create share pointing to tank/tm with "time machine" checked.
5) restart SMB server to ensure any required global changes take place (there should be prompt for this).

 

[Ruff.Hi]

PURPOSE isn't required for time machine share to work.

Yeah - I know. But I really like where TrueNAS is heading with this sort of user (customer?) support. As said above, I would like to understand what each of the purpose options bring to the table.

Steps for setting up time machine in 11.3-U5:
1) create user and make member of a group (for instance "tm_users")
2) create dataset for share (tank/tm)
3) grant "tm_users" group FULL_CONTROL of tank/tm through the ACL editor
4) create share pointing to tank/tm with "time machine" checked.
5) restart SMB server to ensure any required global changes take place (there should be prompt for this).

Thanks - I was jotting down some user / group notes earlier this morning and had something similar to the above with the exception of your FULL CONTROL comment.

I will give this a whirl and report back.

 

[anodos]

Yeah - I know. But I really like where TrueNAS is heading with this sort of user (customer?) support. As said above, I would like to understand what each of the purpose options bring to the table.



Thanks - I was jotting down some user / group notes earlier this morning and had something similar to the above with the exception of your FULL CONTROL comment.

I will give this a whirl and report back.

To clarify, tm_group should be added as a new ACL entry with the permissions set to "FULL_CONTROL" and flags set to "INHERIT". This ensures that the group always has permissions to the dataset / files even if process tries to chmod() to something else.

 

[Ruff.Hi]

got it - that was what I was going to try. Leave the two default ACLs and add a 3rd.

 

[Ruff.Hi]

Followed steps 1 to 5, did it slightly out of order (2, 1, 2 again for permissions, 3, 4, 5) and then fired up TimeMachine on the mac ... now I have two backups running on the same mac. To different Free/TrueNAS installs (one prod, one dev).

That makes me happy. It turned out to be pretty easy :)

Edit: will wait until I see the 2nd hour backup before I call this one.

 

[Ruff.Hi]

First backup finished. Appears to have started at 3:02pm and finished at 4:43pm. I added my default windows user to the TM group and now I can see the files in my windows explorer.

Time to move onto my next project ... replacing the D5 pumps to enhance the flow in my main home PC.

 

[backdoc]

I have been trying to set up a timemachine backup using FreeNAS FreeNAS-11.3-U5 and MacOS Catalina. There are quite a few sites talking about how to do this ... but the ball seems to be moving fairly constantly. Do I use SMB or AFP? What types of vfs options do I need.

I finally stumbled on a hint here ...



... with the key being using an account that can get to the share and use the share. I had only set up the TM account to use the share. I also saw lots of issues with Catalina in google.

So ... installed TrueNAS 12.0 on my dev, upgraded the mac to Big Sur, swapped the TM dataset / share owner to my standard account ... and now the TM backup is running.

I am not happy with what I have (it is a bit of a mess of lots of different things that I am trying) but ... this is the dev machine so that doesn't matter.

I will try to set up a TM backup on my prod server (FreeNAS-11.3-U5) and see if I can get it running.

Edit: I would also like to see more documentation on the ins and outs of the PURPOSE options suppled under TrueNAS 12.0? I did google and found some pages that said what they were ... but that was about it.

Thanks. This helped me. I think this is what I was missing in TrueNAS SCALE 22.0.2. I also got an option to mark as a Time Machine Share when I selected that option.

 

[gdarends]

For anybody still having issues, this post worked for me on SCALE. Had to do a reboot, and I think with simply toggling mDNS on/off would have sufficed I think.