NFSv4 for Time Machine?

Question

Level 1

10 points

NFSv4 for Time Machine?

Last weekend, I put a fresh install of Ubuntu Server 21.10 on a 10-year-old Mac Mini with the latest version of Samba available for Ubuntu - 4.13.14. I set it up strictly for file server (no print, no DFS, no Active Directory, etc.). Whenever any of my macOS Monterey (12.0.1) clients reboot, Samba on Ubuntu panics.

In case you were wondering, here's my /etc/nsmb.conf on each macOS client:

signing_required = no
protocol_vers_map=6
port445=no_netbios

And here's my /etc/samba/smb.conf on my Mac Mini Ubuntu Server:

[global]
allow dns updates = disabled
bind interfaces only = Yes
client min protocol = SMB3_02
dcerpc endpoint servers = rpcecho
delete veto files = Yes
disable netbios = Yes
disable spoolss = Yes
dns forwarder = 192.168.1.1
dns proxy = No
enhanced browsing = No
# Next line requires catia (needed if no Windows clients?)
fruit:encoding = native
fruit:metadata = stream
# Next line never, ever worked (which is why I do it with Avahi)
;fruit:model = Macmini7
# Do not use NFS access control entries
fruit:nfs_aces = No
# Enable extended attributes (requires streams_xattr)
fruit:resource = xattr
# Next line is already the default
;fruit:zero_file_id = Yes
host msdfs = No
inherit acls = Yes
inherit permissions = Yes
interfaces = lan
lm announce = No
load printers = No
log file = /var/log/samba/log.smbd
log level = 1
logging = file
max log size = 10000
# Next 2 lines defer mDNS config to Avahi (better for icon and Time Machine)
mdns name = mdns
multicast dns register = No
name resolve order = host bcast
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = "*New Password:*" %n\n "*Reenter New Password:*" %n\n "*Password changed.*"
passwd program = /usr/bin/passwd %u
printcap cache time = 0
printcap name = /dev/null
printing = bsd
restrict anonymous = 2
rpc_daemon:spoolssd = disabled
rpc_server:epmapper = disabled
rpc_server:winreg = disabled
rpc_server:lsarpc = disabled
rpc_server:samr = disabled
rpc_server:netlogon = disabled
rpc_server:netdfs = disabled
rpc_server:dssetup = disabled
rpc_server:wkssvc = disabled
rpc_server:spoolss = disabled
rpc_server:svcctl = disabled
rpc_server:ntsvcs = disabled
rpc_server:eventlog = disabled
rpc_server:initshutdown = disabled
rpc_server:mdssvc = disabled
server max protocol = SMB3_11
server min protocol = SMB3_02
# Next line experimental until 4.15 - macOS clients support multi-channel SMB3
server multi channel support = Yes
server role = standalone server
server services = rpc, smb
server string = %h server (Samba 4.13.14, Ubuntu 21.10)
show add printer wizard = No
smb ports = 445
unix password sync = Yes
use sendfile = Yes
veto files = /._*/.DS_Store/
vfs objects = catia fruit streams_xattr

[homes]
browseable = No
comment = Home Directory
fruit:time machine = No
guest ok = No
spotlight = No
valid users = %S
writable = Yes

[Backup]
comment = Time Machine
fruit:time machine = Yes
guest ok = No
path = /external/%U
spotlight = No
valid users = %U
writable = Yes

As Samba appears to be unreliable at this time (bug submitted), I'm wondering whether anyone has successfully setup NFSv4 on a Linux system with macOS clients specifically for Time Machine and if so, how it performs.

Found this article on using NFS for Time Machine that suggested rebooting tends to corrupt the sparse image. With laptops that go to sleep often, that seems just as bad as Samba panics.

Is there no file serving technology for Time Machine that can survive clients that reboot or go to sleep?

Posted on Nov 17, 2021 8:36 AM

Reply

Answer 1

Top-ranking reply

James Brickley

Level 5

5,770 points

Nov 26, 2021 3:11 PM in response to natdev

I don't like to use non-LTS releases for the very reason you've just now experienced. It's working fine for me with the same Samba version 4.13.14 on Ubuntu Server 20.04.3 LTS. No crashes. I use NFS for other network shares but not the Time Machine.

I am running a minimal LXD container on Ubuntu Server on top of ZFS to act as my dedicated Time Capsule. I used avahi-daemon to Bonjour advertise it as a Time Capsule. Allocated 2TB ZFS volume and mounted within the tiny container running a minimal Ubuntu Server (shares the host kernel in the container) which has Samba and Avahi and that's about it. I host multiple users and multiple Mac sparse bundle backups.

Created users and set smbpasswd's for each and granted them permissions / ownership in their /capsule/timemachine/<user> paths.

I am not configuring /etc/nsmb.conf on the Mac's either. It's been working just fine from Mojave on up to Monterey. My server /etc/smb.conf appears simpler than yours.

I snapshot the Time Capsule volume and zfs send to a second NAS to maintain a replica copy of my Time Machine backups. It performs delta copies over SSH using the zfs send.

/etc/smb.conf

[global]
# Basic Samba configuration
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
security = user
printcap name = /dev/null
load printers = no
# socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288
server string = Samba Server %v
map to guest = bad user
dns proxy = no
wide links = yes
follow symlinks = yes
unix extensions = no
acl allow execute always = yes
log file = /var/log/samba/%m.log
max log size = 1000
hosts allow = 192.168.1.0/24
client min protocol = SMB2
client max protocol = SMB3

# Special configuration for Apple's Time Machine
fruit:model = MacPro
fruit:advertise_fullsync = true
fruit:aapl = yes

[Time Machine]
path = /capsule/timemachine/%U
valid users = %U
writable = yes
durable handles = yes
kernel oplocks = no
kernel share modes = no
posix locking = no
vfs objects = catia fruit streams_xattr
ea support = yes
browseable = yes
read only = No
inherit acls = yes
fruit:time machine = yes

/etc/avahi/services/timemachine.service

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name replace-wildcards="yes">%h</name>
 <service>
   <type>_smb._tcp</type>
   <port>445</port>
 </service>
 <service>
   <type>_device-info._tcp</type>
   <port>0</port>
   <txt-record>model=RackMac</txt-record>
 </service>
 <service>
   <type>_adisk._tcp</type>
   <txt-record>sys=waMa=0,adVF=0x100</txt-record>
   <txt-record>dk0=adVN=Time Machine,adVF=0x82</txt-record>
 </service>
</service-group>

Linux capsule 5.4.0-90-generic #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.3 LTS
Release:	20.04
Codename:	focal

              total        used        free      shared  buff/cache   available
Mem:          238Mi       119Mi        28Mi       4.0Mi        90Mi       119Mi
Swap:            0B          0B          0B

Filesystem                                                             Size  Used Avail Use% Mounted on
/var/snap/lxd/common/lxd/storage-pools/tank/containers/capsule/rootfs  1.9G  1.6G  345M  82% /
none                                                                   492K  4.0K  488K   1% /dev
udev                                                                    16G     0   16G   0% /dev/tty
tmpfs                                                                  100K     0  100K   0% /dev/lxd
/var/snap/lxd/common/lxd/devices/capsule/disk.folder.capsule           2.0T  1.7T  363G  83% /capsule
tmpfs                                                                  100K     0  100K   0% /dev/.lxd-mounts
tmpfs                                                                   16G     0   16G   0% /dev/shm
tmpfs                                                                  3.2G  4.7M  3.2G   1% /run
tmpfs                                                                  5.0M     0  5.0M   0% /run/lock
tmpfs                                                                   16G     0   16G   0% /sys/fs/cgroup

Reply

Answer 2

natdev Author

Level 1

10 points

Dec 1, 2021 9:49 AM in response to natdev

I've been able to identify the cause of the segfault panic. Using Samba 4.13.14-Ubuntu, enabling

server multi channel support = Yes

in your /etc/samba/smb.conf, mounting a share on a macOS client then rebooting that client causes the segfault.

This is configuration option is experimental below Samba 4.15 so not well-tested apparently. Multi-channel support is a performance enhancement in SMB3. Hopefully, this bug will be resolved soon.

BTW... found this article on optimizing Samba performance on ZFS. Curious what you think.

Reply

Answer 3

natdev Author

Level 1

10 points

Nov 30, 2021 6:58 AM in response to natdev

Re: LXD containers - makes sense.

One thing I might try is to set server multi channel support = No (or comment it out as "No" is the default until 4.15+). Could be that's related to the segfaults when clients are rebooted. Of course, this is one of the bigger benefits of SMB3 so it would be a shame to have to turn it off.

Reply

Answer 4

natdev Author

Level 1

10 points

Dec 2, 2021 8:01 AM in response to natdev

Got feedback from the Samba team that server multi channel support simply doesn't work in 4.13.x. Guess I'll have to wait for Samba 4.14 or 4.15 to make it to Ubuntu to be able to take advantage of it as I'm not motivated to build Samba from source.

Reply

Answer 5

Dec 1, 2021 11:14 AM in response to natdev

Thanks for the article, it is intriguing. It's working fine with the out of the box ZFS defaults and the only setting I have is the quota one. The incremental backups run very fast for me. I suppose some of those settings may help when restoring or when backing up a Mac the first time, etc. I'll keep this article for future reference, it's not that I disagree, it's more about splitting hairs over minor tweaks.

Unless it's going to make a massive performance improvement that I can benchmark, it's not worth me re-working everything to change it. The alternate striping of A/B volumes is interesting, I didn't know TM could do that. I already snapshot and ZFS send to a second NAS ZFS server plus backup critical files to cloud.

Reply

Answer 6

natdev Author

Level 1

10 points

Nov 29, 2021 2:04 PM in response to James Brickley

Thanks a lot for the detailed response. A few follow up questions and comments...

If you have a share mounted on a Mac running Monterey and you reboot the Mac, do you see anything odd in the Samba log on Ubuntu?
Your /etc/avahi/services/timemachine.service matches mine. Thanks for posting this for other people in the forum to see it.
Have you ever found setting fruit:model in the smb.conf to work? I have always had to set the icon in the Avahi service definition as you have in order to see the correct icon on macOS clients. Would have liked for this to work but it never did for me. Curious about your experience.
Most of what's in my smb.conf are efforts to disable services not needed by macOS clients in the hope of improving performance (and stability).
A few things I noticed about your smb.conf... fruit:advertise_fullsync = true is deprecated and was replaced with fruit:time machine = yes (https://www.samba.org/samba/docs/current/man-html/vfs_fruit.8.html). The settings fruit:aapl = Yes, ea support = Yes, durable handles = Yes, kernel oplocks = No, passdb backend = tdbsam are default values.
Regarding posix locking = no, the docs state, "It is very unlikely that you need to set this parameter to "no", unless you are sharing from an NFS mount, which is not a good idea in the first place."
Out of curiosity, why did you opt for isolating Samba and Avahi in a light LXD container? Was it more related to security than stability?

Reply

Answer 7

Nov 29, 2021 3:02 PM in response to natdev

Checked my logs no panics nor segfaults on Samba. Some errors about lack of network or normal SIGTERMs when the container reboots or when I was doing maintenance to patch the Linux servers and reboot them.
My smb.conf was a matter of trial and error. I haven't updated it once it was working. For the depreciated fruit:advertise_fullsync, I'll look into it. But no problems so far. The posix locking was something I tossed in while fighting to get the configuration working. I also couldn't get the icon to appear without specifying it in Avahi.

Reason for the container? I have a home lab of multiple servers and LXD containers make a lot of sense. Easy to backup, scale, and move around.

Reply

Answer 8

natdev Author

Level 1

10 points

Dec 1, 2021 12:24 PM in response to James Brickley

Here's my updated /etc/samba/smb.conf designed for Monterey macOS clients (disabling everything superfluous - alphabetized):

[global]
allow dns updates = disabled
;bind interfaces only = Yes
client min protocol = SMB3_11
dcerpc endpoint servers = rpcecho
;deadtime = 30
delete veto files = Yes
disable netbios = Yes
disable spoolss = Yes
dns forwarder = 192.168.1.1
dns proxy = No
enhanced browsing = No
# Next line requires catia (needed if no Windows clients?)
fruit:encoding = native
fruit:metadata = stream
# Next line never ever worked. Do it with Avahi instead.
;fruit:model = Macmini7
# Do not use NFS access control entries
fruit:nfs_aces = No
# Enable extended attributes (requires streams_xattr)
fruit:resource = xattr
# Next line is already the default
;fruit:zero_file_id = Yes
host msdfs = No
inherit acls = Yes
inherit permissions = Yes
;interfaces = lan
lm announce = No
load printers = No
log file = /var/log/samba/log.smbd
log level = 1
logging = file
max log size = 10000
# Next 2 lines defer mDNS config to Avahi (better for icon and Time Machine)
mdns name = mdns
multicast dns register = No
name resolve order = host bcast
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = "*New Password:*" %n\n "*Reenter New Password:*" %n\n "*Password changed.*"
passwd program = /usr/bin/passwd %u
printcap cache time = 0
printcap name = /dev/null
printable = No
printing = bsd
restrict anonymous = 2
rpc_daemon:spoolssd = disabled
rpc_server:epmapper = disabled
rpc_server:winreg = disabled
rpc_server:lsarpc = disabled
rpc_server:samr = disabled
rpc_server:netlogon = disabled
rpc_server:netdfs = disabled
rpc_server:dssetup = disabled
rpc_server:wkssvc = disabled
rpc_server:spoolss = disabled
rpc_server:svcctl = disabled
rpc_server:ntsvcs = disabled
rpc_server:eventlog = disabled
rpc_server:initshutdown = disabled
rpc_server:mdssvc = disabled
server max protocol = SMB3_11
server min protocol = SMB3_11
# While macOS clients support the next option, client reboots will segfault Samba if uncommented
;server multi channel support = Yes
server role = standalone server
server services = rpc, smb
server string = %h server (Samba 4.13.14, Ubuntu 21.10)
show add printer wizard = No
smb ports = 445
unix password sync = Yes
use sendfile = Yes
veto files = /._*/.DS_Store/
vfs objects = catia fruit streams_xattr

[homes]
browseable = No
comment = Home Directory
fruit:time machine = No
guest ok = No
spotlight = No
valid users = %S
writable = Yes

[Backup]
comment = Time Machine
fruit:time machine = Yes
guest ok = No
path = /external/%U
spotlight = No
valid users = %U
writable = Yes

and my /etc/avahi/services/samba.service...

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name replace-wildcards="yes">Saint James</name>
 <service>
   <type>_smb._tcp</type>
   <port>445</port>
 </service>
 <service>
   <type>_device-info._tcp</type>
   <port>0</port>
   <txt-record>model=Macmini7</txt-record>
 </service>
 <service>
   <type>_adisk._tcp</type>
   <txt-record>sys=waMa=0,adVF=0x100</txt-record>
   <txt-record>dk0=adVN=Backup,adVF=0x82</txt-record>
 </service>
</service-group>

Reply

NFSv4 for Time Machine?

Similar questions