docker-timemachine's Introduction

mbentley/timemachine

Docker image to run Samba or AFP (netatalk) to provide a compatible Time Machine for macOS

Image Tags

Multi-arch Tags

The following tags have multi-arch support for amd64, armv7l, and arm64 and will automatically pull the correct tag based on your system's architecture:

latest, smb

Note: The afp tag has been deprecated in terms of new feature updates and is only available for amd64.

Date Specific Tags

The smb tags also have unique manifests that are generated daily. These are in the format smb-YYYYMMDD (e.g. - smb-20210730) and can be viewed on Docker Hub. Each one of these tags will be generated daily and is essentially a point in time snapshot of the smb tag's manifest that you can pin to if you wish. Please note that these tags will remain available on Docker Hub for 6 months and will not receive security fixes. You will need to update to newer tags as they are published in order to get updated images. If you do not care about specific image digests to pin to, I would suggest just using the smb tag.

Explicit Architecture Tags

These tags will explicitly pull the image for the listed architecture and are bit for bit identical to the multi-arch tag images.

  • latest-smb-amd64, smb-amd64 - SMB image based off of alpine:latest
  • afp, afp-amd64 - AFP image based off of debian:jessie
    • Deprecated but still available; not being regularly built - This image may have unpatched security vulnerabilities
  • latest-smb-armv7l, smb-armv7l - SMB image based off of alpine:latest for the armv7l architecture
  • latest-smb-arm64, smb-arm64 - SMB image based off of alpine:latest for the arm64 architecture

Warning: I would strongly suggest migrating to the SMB image as AFP is being deprecated by Apple and I've found it to be much more stable. I do not plan on adding any new features to the AFP based config and I switched the default image in the latest tag to the SMB variant on October 15, 2020.

To pull this image: docker pull mbentley/timemachine:smb

Example usage for SMB

Note: If you update the TM_USERNAME value, that will change the path for the persistent volume. See persistent data path for more details.

Example usage with --net=host to allow Avahi discovery; with commonly used environment variables set to their default values:

docker run -d --restart=always \
  --name timemachine \
  --net=host \
  -e TM_USERNAME="timemachine" \
  -e TM_GROUPNAME="timemachine" \
  -e PASSWORD="timemachine" \
  -e TM_UID="1000" \
  -e TM_GID="1000" \
  -e SET_PERMISSIONS="false" \
  -e VOLUME_SIZE_LIMIT="0" \
  -v /path/on/host/to/backup/to/for/timemachine:/opt/timemachine \
  --tmpfs /run/samba \
  mbentley/timemachine:smb

Example usage with exposing ports without Avahi discovery; with commonly used environment variables set to their default values:

docker run -d --restart=always \
  --name timemachine \
  --hostname timemachine \
  -p 137:137/udp \
  -p 138:138/udp \
  -p 139:139 \
  -p 445:445 \
  -e TM_USERNAME="timemachine" \
  -e TM_GROUPNAME="timemachine" \
  -e PASSWORD="timemachine" \
  -e TM_UID="1000" \
  -e TM_GID="1000" \
  -e SET_PERMISSIONS="false" \
  -e VOLUME_SIZE_LIMIT="0" \
  -v /path/on/host/to/backup/to/for/timemachine:/opt/timemachine \
  --tmpfs /run/samba \
  mbentley/timemachine:smb

Kubernetes support

The images are also compatible with Kubernetes. Check out timemachine-k3s.yaml as an example for running a TimeMachine backup server on a single-node k3s cluster (running on a Raspberry Pi 4).

Tips for Automatic Discovery w/Avahi

This works best with --net=host so that discovery can be broadcast. Otherwise, you will need to expose the above ports and then you must manually map the share in Finder for it to show up (open Finder, click Shared, and connect as smb://hostname-or-ip/TimeMachine with your TimeMachine credentials). Using --net=host only works if you do not already run Samba or Avahi on the host! Alternatively, you can use the SMB_PORT option to change the port that Samba uses. See below for another workaround if you do not wish to change the Samba port.

Known Issues

Processes fail to start; container has high CPU usage

If the container isn't starting and you're seeing logs like Failed to start message bus: Failed to bind socket, and possibly have other symptoms like seeing high CPU usage from the container, it could be that you are hitting the nofile ulimit. Make sure your compose file or docker run command has the nofile ulimits adjusted to increase the defaults. Check the examples in the README or the example compose files in this repository.

Unable to start the armv7l image

If you are running the armv7l image, you may see an error when trying to start the container:

s6-svscan: warning: unable to iopause: Operation not permitted

This is due to an issue with the libseccomp2 package. You have two options:

  1. Disable seccomp for the container by adding the --security-opt seccomp=unconfined argument (this has security implications)

  2. Install a backported version of libseccomp2:

    wget http://ftp.us.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.5.1-1~bpo10+1_armhf.deb
    sudo dpkg -i libseccomp2_2.5.1-1~bpo10+1_armhf.deb
    

This issue has been observed on Raspberry Pi OS (formerly known as Raspbian) based on Debian 10 (Buster) but may also be found on other distros as they may commonly use the libseccomp2 package version 2.3.3-4.

Conflicts with Samba and/or Avahi on the Host

Note: If you are already running Samba/Avahi on your Docker host (or you're wanting to run this on your NAS), you should be aware that using --net=host will cause a conflict with the Samba/Avahi install. Raspberry Pi users: be aware that there is already an mDNS responder running on the stock Raspberry Pi OS image that will conflict with the mDNS responder in the container.

If your host is running Avahi, you can configure it to act as a reflector, and the container advertisements will be broadcast to your host network without using --net=host. To do this, edit the avahi config (/etc/avahi/avahi-daemon.conf) on the host:

Then set the ADVERTISED_HOSTNAME environment variable in your container config to the mDNS hostname of your host, without the .local suffix.

As an alternative, you can use the macvlan driver in Docker which will allow you to map a static IP address to your container. If you have issues setting up Time Machine with the configuration, feel free to open an issue and I can assist - this is how I personally run time machine.

  1. Create a macvlan Docker network (assuming your local subnet is 192.168.1.0/24, the default gateway is 192.168.1.1, and eth0 for the host's network interface):

    docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=eth0 macvlan1

On devices such as Synology DSM, the primary network interface may be ovs_eth0 due to the usage of Open vSwitch. If you are unsure of your primary network interface, this command may help:

$ route | grep ^default | awk '{print $NF}'
eth0

The macvlan driver can use another network interface as the documentation states above but in cases where multiple network interfaces may exist and they might not all be connected, choosing the primary network interface is generally safe.

  2. Add --network macvlan1 and --ip 192.168.1.x to your docker run command where 192.168.1.x is a static IP to assign to Time Machine

Example macvlan setup using docker-compose

services:
  timemachine:
    hostname: timemachine
    mac_address: "AA:BB:CC:DD:EE:FF"
    networks:
      timemachine:
        ipv4_address: 192.168.1.x

networks:
  timemachine:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.1.0/24
          ip_range: 192.168.1.0/24
          gateway: 192.168.1.1

  1. hostname, mac_address, and ipv4_address are optional, but can be used to control how it is configured on the network. If not defined, random values will be used.
  2. This config requires docker-compose version 1.27.0+ which implements the compose specification.

Volume & File system Permissions

If you're using an external volume like in the example above, you will need to set the filesystem permissions on disk. By default, the timemachine user is 1000:1000.

The backing data store for your persistent time machine data must support extended file attributes (xattr). Remote file systems, such as NFS, will very likely not support xattrs. See #61 for more details. This image will check and try to set xattrs to a test file in /opt/${TM_USERNAME} to warn the user if they are not supported but this will not prevent the image from running.

Persistent Data Path

If you change the TM_USERNAME value, it will change the persistent data path from /opt/timemachine to /opt/<value-of-TM_USERNAME>. Failure to map this appropriately will lead to data being stored inside the container and not in the volume you have specified!

Default credentials

  • Username: timemachine
  • Password: timemachine
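
One way to check a running container for the data-path mismatch described above, for the default password, and for the seccomp=unconfined workaround from Known Issues (an added example, not the project's own code). It covers the single-user setup; the function names are hypothetical, and it assumes that PASSWORD_FILE, when set, is what supplies the password.

```shell
#!/bin/sh
# Added example: audit a timemachine container for three pitfalls from this
# README. The checks take plain text, so they can be exercised without Docker.

# env_value KEY: read NAME=value lines on stdin and print KEY's value.
env_value() { sed -n "s/^$1=//p" | tail -n 1; }

# path_is_mounted PATH: read mount destinations on stdin, one per line; succeed
# if PATH is a destination or lies below one. Whole path components are
# compared, so a mount at /opt/time does not cover /opt/timemachine.
path_is_mounted() {
  pim_path=${1%/}
  while IFS= read -r pim_dest; do
    [ -n "$pim_dest" ] || continue
    pim_dest=${pim_dest%/}
    case $pim_path/ in
      "$pim_dest"/*) return 0 ;;
    esac
  done
  return 1
}

# audit_config ENV MOUNTS SECURITY_OPTS: each argument is newline-separated
# text. Prints one line per finding and returns 1 if there was any.
audit_config() {
  ac_bad=0
  ac_user=$(printf '%s\n' "$1" | env_value TM_USERNAME)
  ac_user=${ac_user:-timemachine}   # default from the variable table
  if ! printf '%s\n' "$2" | path_is_mounted "/opt/$ac_user"; then
    echo "DATA: no volume covers /opt/$ac_user; backups stay inside the container"
    ac_bad=1
  fi
  ac_pw=$(printf '%s\n' "$1" | env_value PASSWORD)
  ac_pw_file=$(printf '%s\n' "$1" | env_value PASSWORD_FILE)
  # Assumption: PASSWORD_FILE, when set, is what supplies the password.
  if [ -z "$ac_pw_file" ]; then
    if [ -z "$ac_pw" ] || [ "$ac_pw" = "timemachine" ]; then
      echo "CRED: default password 'timemachine' is in effect; set PASSWORD_FILE"
    else
      echo "CRED: PASSWORD is readable via docker inspect; prefer PASSWORD_FILE"
    fi
    ac_bad=1
  fi
  if printf '%s\n' "$3" | grep -q -E '^seccomp[=:]unconfined$'; then
    echo "SECCOMP: filter disabled; install the backported libseccomp2 instead"
    ac_bad=1
  fi
  return "$ac_bad"
}

# audit_container NAME: collect the three inputs from docker inspect.
audit_container() {
  act_env=$(docker inspect --format \
    '{{range .Config.Env}}{{println .}}{{end}}' "$1") || return 2
  act_mounts=$(docker inspect --format \
    '{{range .Mounts}}{{println .Destination}}{{end}}' "$1") || return 2
  act_opts=$(docker inspect --format \
    '{{range .HostConfig.SecurityOpt}}{{println .}}{{end}}' "$1") || return 2
  audit_config "$act_env" "$act_mounts" "$act_opts"
}

# Stand-alone use: sh audit-timemachine.sh timemachine
if [ "$#" -gt 0 ]; then
  audit_container "$1"
fi
```

Run against the README's default docker run command, this reports only the CRED finding; after renaming TM_USERNAME without remapping the volume, it also reports DATA.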

Optional variables for SMB

| Variable | Default | Description |
|---|---|---|
| ADVERTISED_HOSTNAME | not set | Avahi will advertise the smb services at this hostname instead of the local hostname (useful in Docker without --net=host). Do not set this if you don't know what you're doing! |
| CUSTOM_SMB_AUTH | no | if set to yes, indicates that you want Samba to attempt to authenticate users using the NTLM Encrypted Password Response |
| CUSTOM_SMB_CONF | false | indicates that you are going to bind mount a custom config to /etc/samba/smb.conf if set to true |
| CUSTOM_SMB_PROTO | SMB2 | indicates that you want to allow another value from Samba Protocol List |
| CUSTOM_USER | false | indicates that you are going to bind mount /etc/passwd, /etc/group, and /etc/shadow; and create data directories if set to true |
| DEBUG_LEVEL | 1 | sets the debug level for nmbd and smbd |
| EXTERNAL_CONF | not set | specifies a directory containing individual variable files, ending in .conf, for multiple users; see Adding Multiple Users & Shares for more info |
| HIDE_SHARES | no | set to yes if you would like only the share(s) a user can access to appear |
| MIMIC_MODEL | TimeCapsule8,119 | sets the value of time machine to mimic |
| TM_USERNAME | timemachine | sets the username time machine runs as |
| TM_GROUPNAME | timemachine | sets the group name time machine runs as |
| TM_UID | 1000 | sets the UID of the TM_USERNAME user |
| TM_GID | 1000 | sets the GID of the TM_GROUPNAME group |
| PASSWORD | timemachine | sets the password for the timemachine user |
| SET_PERMISSIONS | false | set to true to have the entrypoint set ownership and permission on the /opt/<username> in the container |
| SHARE_NAME | TimeMachine | sets the name of the timemachine share to TimeMachine by default |
| SMB_INHERIT_PERMISSIONS | no | if yes, permissions for new files will be forced to match the parent folder |
| SMB_NFS_ACES | no | value of fruit:nfs_aces; support for querying and modifying the UNIX mode of directory entries via NFS ACEs |
| SMB_METADATA | stream | value of fruit:metadata; controls where the OS X metadata stream is stored |
| SMB_PORT | 445 | sets the port that Samba will be available on |
| SMB_VFS_OBJECTS | fruit streams_xattr | value of vfs objects |
| VOLUME_SIZE_LIMIT | 0 | sets the maximum size of the time machine backup; a unit can also be passed (e.g. - 1 T). See the Samba docs under the fruit:time machine max size section for more details |
| WORKGROUP | WORKGROUP | set the Samba workgroup name |
| IGNORE_DOS_ATTRIBUTES | false | If set to true Samba will ignore DOS attributes. This is accomplished by setting store dos attributes, map hidden, map system, map archive and map readonly to no in the [global] section. |

Adding Multiple Users & Shares

In order to add multiple users who have their own shares, you will need to create a file for each user and put them in a directory. The file name must end in .conf or it will not be parsed, and the contents must be properly formatted as environment variables and include all of the values in the example below. Only VOLUME_SIZE_LIMIT can be empty if you do not want to set a quota.

Example EXTERNAL_CONF File

This is an example to create a user named foo. The EXTERNAL_CONF variable should point to the directory that contains the user definition files. Create multiple files with different attributes to create multiple users and shares.

foo.conf

TM_USERNAME=foo
TM_GROUPNAME=foogroup
PASSWORD=foopass
SHARE_NAME=foo
VOLUME_SIZE_LIMIT="1 T"
TM_UID=1000
TM_GID=1000
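
A pre-flight lint for these per-user files, as an added example that is not part of the docker-timemachine repository: it applies the rules stated above (name ends in .conf, every key from foo.conf present, only VOLUME_SIZE_LIMIT empty) without sourcing the files. The function names, the duplicate-user, default-password and file-mode checks are this example's own additions, and tolerating blank and # comment lines is an assumption.

```shell
#!/bin/sh
# Added example: lint the per-user files in an EXTERNAL_CONF directory.
# Files are read as text and never sourced, so linting cannot execute them.

# Keys from the foo.conf example that must carry a value.
REQUIRED_KEYS="TM_USERNAME TM_GROUPNAME PASSWORD SHARE_NAME TM_UID TM_GID"

# conf_value FILE KEY: print KEY's value (last assignment wins), outer quotes removed.
conf_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 |
    sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_user_conf FILE: print one line per problem; return 1 if any was found.
check_user_conf() {
  cuc_file=$1
  cuc_bad=0
  case $cuc_file in
    *.conf) ;;
    *) echo "$cuc_file: name does not end in .conf, so it will not be parsed"
       return 1 ;;
  esac
  if [ ! -f "$cuc_file" ] || [ ! -r "$cuc_file" ]; then
    echo "$cuc_file: not a readable file"
    return 1
  fi
  # Assumption of this lint: only KEY=value lines, blank lines and # comments.
  if grep -q -v -E '^([A-Za-z_][A-Za-z0-9_]*=.*|[[:space:]]*(#.*)?)$' "$cuc_file"; then
    echo "$cuc_file: contains lines that are not KEY=value"
    cuc_bad=1
  fi
  for cuc_key in $REQUIRED_KEYS; do
    if [ -z "$(conf_value "$cuc_file" "$cuc_key")" ]; then
      echo "$cuc_file: $cuc_key is missing or empty"
      cuc_bad=1
    fi
  done
  # VOLUME_SIZE_LIMIT has to be listed, but may be empty (no quota).
  if ! grep -q '^VOLUME_SIZE_LIMIT=' "$cuc_file"; then
    echo "$cuc_file: VOLUME_SIZE_LIMIT is not listed"
    cuc_bad=1
  fi
  for cuc_key in TM_UID TM_GID; do
    case $(conf_value "$cuc_file" "$cuc_key") in
      *[!0-9]*) echo "$cuc_file: $cuc_key is not numeric"; cuc_bad=1 ;;
    esac
  done
  # Hardening checks added by this example; the image does not enforce them.
  if [ "$(conf_value "$cuc_file" PASSWORD)" = "timemachine" ]; then
    echo "$cuc_file: PASSWORD is the documented default"
    cuc_bad=1
  fi
  # Characters 5-10 of the ls mode string are the group and other bits.
  if [ "$(ls -ld "$cuc_file" | cut -c5-10)" != "------" ]; then
    echo "$cuc_file: cleartext PASSWORD open to group/others (chmod 600)"
    cuc_bad=1
  fi
  return "$cuc_bad"
}

# check_conf_dir DIR: lint every file in DIR, then look for users or shares
# that two files both claim. Returns 1 if anything was reported.
check_conf_dir() {
  ccd_dir=$1
  ccd_bad=0
  for ccd_file in "$ccd_dir"/*; do
    [ -f "$ccd_file" ] || continue
    check_user_conf "$ccd_file" || ccd_bad=1
  done
  for ccd_key in TM_USERNAME SHARE_NAME; do
    ccd_dups=$(for ccd_file in "$ccd_dir"/*.conf; do
                 if [ -f "$ccd_file" ]; then conf_value "$ccd_file" "$ccd_key"; fi
               done | sort | uniq -d)
    if [ -n "$ccd_dups" ]; then
      echo "$ccd_dir: $ccd_key used by more than one file:" $ccd_dups
      ccd_bad=1
    fi
  done
  return "$ccd_bad"
}

# Stand-alone use: sh lint-users.sh /path/on/host/to/user/file/directory
if [ "$#" -gt 0 ]; then
  check_conf_dir "$1"
fi
```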

Example run command for EXTERNAL_CONF

This run command has the necessary path to where the external user files will be mounted (set in EXTERNAL_CONF) and the volume mount that matches the path specified in EXTERNAL_CONF.

Note: You will need to either bind mount /opt or each SHARE_NAME directory under /opt for each user.

docker run -d --restart=always \
  --name timemachine \
  --net=host \
  --ulimit nofile=65536:65536 \
  -e ADVERTISED_HOSTNAME="" \
  -e CUSTOM_SMB_CONF="false" \
  -e CUSTOM_USER="false" \
  -e DEBUG_LEVEL="1" \
  -e MIMIC_MODEL="TimeCapsule8,119" \
  -e EXTERNAL_CONF="/users" \
  -e HIDE_SHARES="no" \
  -e TM_USERNAME="timemachine" \
  -e TM_GROUPNAME="timemachine" \
  -e TM_UID="1000" \
  -e TM_GID="1000" \
  -e PASSWORD="timemachine" \
  -e SET_PERMISSIONS="false" \
  -e SHARE_NAME="TimeMachine" \
  -e SMB_INHERIT_PERMISSIONS="no" \
  -e SMB_NFS_ACES="no" \
  -e SMB_METADATA="stream" \
  -e SMB_PORT="445" \
  -e SMB_VFS_OBJECTS="fruit streams_xattr" \
  -e VOLUME_SIZE_LIMIT="0" \
  -e WORKGROUP="WORKGROUP" \
  -v /path/on/host/to/backup/to/for/timemachine:/opt \
  -v /path/on/host/to/user/file/directory:/users \
  --tmpfs /run/samba \
  mbentley/timemachine:smb

Using a password file

This is an example of using Docker secrets to pass the password via a file.

password.txt

my_secret_password

Example docker-compose file

The following example shows the key values required in your compose file.

version: "3.3" # or greater
services:
  timemachine:
    # ...
    environment:
      - PASSWORD_FILE=/run/secrets/password
      # ...
    secrets:
      - password

secrets:
  password:
    file: ./password.txt

AFP Examples and Variables

Example docker-compose usage for AFP

docker compose -f timemachine-compose.yml up -d

Example docker run usage for AFP

Example usage with --net=host to allow Avahi discovery to function:

docker run -d --restart=always \
  --net=host \
  --name timemachine \
  -e CUSTOM_AFP_CONF="false" \
  -e CUSTOM_USER="false" \
  -e LOG_LEVEL="info" \
  -e MIMIC_MODEL="TimeCapsule6,106" \
  -e TM_USERNAME="timemachine" \
  -e TM_GROUPNAME="timemachine" \
  -e TM_UID="1000" \
  -e TM_GID="1000" \
  -e PASSWORD="timemachine" \
  -e SET_PERMISSIONS="false" \
  -e SHARE_NAME="TimeMachine" \
  -e VOLUME_SIZE_LIMIT="0" \
  -v /path/on/host/to/backup/to/for/timemachine:/opt/timemachine \
  -v timemachine-netatalk:/var/netatalk \
  -v timemachine-logs:/var/log/supervisor \
  mbentley/timemachine:afp

Example usage with exposing ports without Avahi discovery:

docker run -d --restart=always \
  --name timemachine \
  --hostname timemachine \
  -p 548:548 \
  -p 636:636 \
  -e CUSTOM_AFP_CONF="false" \
  -e CUSTOM_USER="false" \
  -e LOG_LEVEL="info" \
  -e MIMIC_MODEL="TimeCapsule6,106" \
  -e TM_USERNAME="timemachine" \
  -e TM_GROUPNAME="timemachine" \
  -e TM_UID="1000" \
  -e TM_GID="1000" \
  -e PASSWORD="timemachine" \
  -e SET_PERMISSIONS="false" \
  -e SHARE_NAME="TimeMachine" \
  -e VOLUME_SIZE_LIMIT="0" \
  -v /path/on/host/to/backup/to/for/timemachine:/opt/timemachine \
  -v timemachine-netatalk:/var/netatalk \
  -v timemachine-logs:/var/log/supervisor \
  mbentley/timemachine:afp

This works best with --net=host so that discovery can be broadcast. Otherwise, you will need to expose the above ports and then you must manually map the share in Finder for it to show up (open Finder, click Shared, and connect as afp://hostname-or-ip/TimeMachine with your TimeMachine credentials).

Optional variables for AFP:

| Variable | Default | Description |
|---|---|---|
| CUSTOM_AFP_CONF | false | indicates that you are going to bind mount a custom config to /etc/netatalk/afp.conf if set to true |
| CUSTOM_USER | false | indicates that you are going to bind mount /etc/passwd, /etc/group, and /etc/shadow; and create data directories if set to true |
| LOG_LEVEL | info | sets the netatalk log level |
| MIMIC_MODEL | TimeCapsule6,106 | sets the value of time machine to mimic |
| TM_USERNAME | timemachine | sets the username time machine runs as |
| TM_GROUPNAME | timemachine | sets the group name time machine runs as |
| TM_UID | 1000 | sets the UID of the TM_USERNAME user |
| TM_GID | 1000 | sets the GID of the TM_GROUPNAME group |
| PASSWORD | timemachine | sets the password for the timemachine user |
| SET_PERMISSIONS | false | set to true to have the entrypoint set ownership and permission on /opt/timemachine |
| SHARE_NAME | TimeMachine | sets the name of the timemachine share to TimeMachine by default |
| VOLUME_SIZE_LIMIT | 0 | sets the maximum size of the time machine backup in MiB (mebibyte) |

Thanks to odarriba and arve0 for their examples to start from.

docker-timemachine's Issues

NFS volume does not work (permission error?)

First of all: Backup works fine with this "basic" configuration and a normal docker volume for datastore:

version: "3.3"
services:

  server:
    image: mbentley/timemachine:latest
    environment:
      - TM_USERNAME=maxkratz
      - TM_GROUPNAME=maxkratz
      - TM_UID=1000
      - TM_GID=1000
      - PASSWORD=123
    network_mode: host
    volumes:
      # data directories
      - tmdata-nfs:/opt

      # SMB stuff
      - ./data/run-samba:/run/samba
      - ./data/var-cache-samba:/var/cache/samba
      - ./data/var-lib-samba:/var/lib/samba

volumes:
  tmdata-nfs:

My dockerhost is a virtual machine and I want to mount a nfs volume for the TimeMachine backups. Therefore, I add the following part to the docker-compose.yml:

volumes:
  tmdata-nfs:
    driver_opts:
      type: "nfs"
      o: "addr=10.0.0.69,nolock,soft,rw"
      device: ":/<my-export>"

Unfortunately, TimeMachine now refuses to start the backup and the log of the container lists this:

server_1  | 2020-11-09T18:40:16.730266943Z error in mds_init_ctx for: /opt/maxkratz
server_1  | 2020-11-09T18:40:16.730287522Z _mdssvc_open: Couldn't create policy handle for TimeMachine
server_1  | 2020-11-09T18:40:24.017684511Z fruit_pread_meta_stream: Removing [CDB9C062-55B3-5C1E-A5E0-D9C32358B133.sparsebundle:AFP_AfpInfo] after short read [0]
server_1  | 2020-11-09T18:40:24.018623319Z fruit_pwrite_meta_stream: On-demand create [CDB9C062-55B3-5C1E-A5E0-D9C32358B133.sparsebundle:AFP_AfpInfo] in write failed: No such file or directory

User maxkratz exists on both the vm and the NFS server and both accounts have id 1000 and group with id 1000.
I've also tried - SET_PERMISSIONS=true as parameter, but this did not fix it.

The container is able to create the folder on my NFS share with correct user and group:

 root@phoebe - /mnt/ironwolfraidfs/timemachine: $ ls -l
drwxr-sr-x 2 maxkratz maxkratz 4096 Nov  9 19:40 maxkratz
drwxr-xr-x 2 root     root     4096 Okt 24 07:03 timemachine

This is my NFS share configuration:

/mnt/ironwolfraidfs/timemachine		10.0.0.22(rw,async,no_root_squash,no_subtree_check)

Am I forgetting anything? I don't get it ... It would be very nice if someone could give me an idea!

OSStatus error 2

Hi,
I'm trying to set up a Time Machine backup using your docker image. I have been successful in creating the container, and I can see my server under the Available Disk option in the TimeMachine utility. But when I select it and enter the default user and password, I have the following error message.
Any help would be appreciated. Thank you
[Image: screen shot 2019-01-19 at 12 44 30 am]

Perhaps you could build ARMv7 images?

Hi.

This was very useful - thanks! I just built and deployed this on my Raspberry Pi 4. Everything seems to be working fine. The Pi has plenty of CPU and memory to run this and is a pretty perfect platform to run time machine.

I'm not sure how you build but I suppose you could easily find a build service that would build this for the ARMv7 architecture.

Let me know if I can help out.

Couldn't start timemachine with Samba

Hello.

I tried to start the container with the docker-compose file from the repository, timemachine-compose-smb.yml. I just changed the path to the share on the host, renamed it to docker-compose.yml and started it with docker-compose up -d, but got an error:
ERROR: Named volume "timemachine-var-lib-samba:/var/lib/samba:rw" is used in service "timemachine" but no declaration was found in the volumes section.

Could somebody help me to understand what is wrong here?

Macvlan Server Name

Hey,

Just wondering how it would be possible to name the share parent (ie: the 'server' not the share itself) when using macvlan?

If I create a share via host networking, I get the name of my server, then the share 'TimeMachine' inside. However, when swapping to macvlan, the server name is instead named the first 12 characters of the container ID.

Eg: Portainer lists my timemachine container ID as:

56c926ac15afd0becd4e23cdf33cc0b3d536a9b9e1a0d74d62fed734904425f2

So the share is coming up as 56c926ac15af.local instead of 'server-name.local'. This doesn't appear to change even when using the 'name' function in docker compose.

  timeMachine:
    ipam:
      config:
        - subnet: 192.168.60.0/24
    name: timeMachine
    driver: macvlan
    driver_opts:
      com.docker.network.bridge.name: timeMachine
      parent: ens18

Thank you.

TM_USER vs. TM_USERNAME

Matt, my backup files were being created by user "1100," which is the UID of my already-created user, "timemachine."

[Image: by default 2020-11-11 at 1 24 05 PM]

That led me to spot a potential inconsistency. It appears that in entrypoint.sh, line 11, you are using "TM_USERNAME":

#!/bin/sh

# set default values

LOG_LEVEL="${LOG_LEVEL:-info}"
SET_PERMISSIONS="${SET_PERMISSIONS:-false}"
SHARE_NAME="${SHARE_NAME:-TimeMachine}"
CUSTOM_AFP_CONF="${CUSTOM_AFP_CONF:-false}"
CUSTOM_SMB_CONF="${CUSTOM_SMB_CONF:-false}"
SMB_PORT="${SMB_PORT:-445}"
CUSTOM_USER="${CUSTOM_USER:-false}"
TM_USERNAME="${TM_USERNAME:-timemachine}"
TM_GROUPNAME="${TM_GROUPNAME:-timemachine}"
TM_UID="${TM_UID:-1000}"
TM_GID="${TM_GID:-${TM_UID}}"
VOLUME_SIZE_LIMIT="${VOLUME_SIZE_LIMIT:-0}"
WORKGROUP="${WORKGROUP:-WORKGROUP}"
EXTERNAL_CONF="${EXTERNAL_CONF:-}"
HIDE_SHARES="${HIDE_SHARES:-no}"

However in the stock smb docker-compose, you set the environment variable as TM_USER.

version: "3.7"
services:
  timemachine:
    network_mode: "host"
    environment:
      - CUSTOM_SMB_CONF=false
      - CUSTOM_USER=false
      - LOG_LEVEL=info
      - EXTERNAL_CONF=
      - HIDE_SHARES=no
      - MIMIC_MODEL=TimeCapsule8,119
      - TM_USER=timemachine
      - TM_GROUPNAME=timemachine
      - TM_UID=1000
      - TM_GID=1000
      - PASSWORD=timemachine
      - SET_PERMISSIONS=false
      - SHARE_NAME=TimeMachine
      - SMB_PORT=445
      - VOLUME_SIZE_LIMIT=0
      - WORKGROUP=WORKGROUP

I suspect the environment variable in docker-compose should in fact be TM_USERNAME but want to confirm with you before I mess something up.

Thanks!

Macvlan Connectivity

Hey Matt,

I'm so close to getting this working with macvlan. I'm able to see the share, but unlike with host networking I cannot connect to it successfully, it eventually just times out. Here's my logs and my compose with debugging turned up. Please let me know if anything jumps out.

I have a host level SMB service set up as this is running on my NAS system, so I had to adjust the external container ports. Not sure if that's the issue. Thanks!

today at 6:23 PM INFO: CUSTOM_SMB_CONF=false; generating [global] section of /etc/samba/smb.conf...
today at 6:23 PM Creating /var/log/samba/cores
today at 6:23 PM INFO: Avahi - generating base configuration in /etc/avahi/services/smbd.service...
today at 6:23 PM INFO: Avahi - adding the 'dk0', 'TimeMachine' share txt-record to /etc/avahi/services/smbd.service...
today at 6:23 PM INFO: Group timemachine doesn't exist; creating...
today at 6:23 PM INFO: User timemachine doesn't exist; creating...
today at 6:23 PM INFO: Using default password: timemachine
today at 6:23 PM chpasswd: password for 'timemachine' changed
today at 6:23 PM INFO: INFO: CUSTOM_SMB_CONF=false; generating [TimeMachine] section of /etc/samba/smb.conf...
today at 6:23 PM INFO: Samba - Created Added user timemachine.
today at 6:23 PM INFO: Samba - Enabled user timemachine.
today at 6:23 PM INFO: Samba - setting password
today at 6:23 PM INFO: SET_PERMISSIONS=false; not setting ownership and permissions for /opt/timemachine
today at 6:23 PM INFO: Avahi - completing the configuration in /etc/avahi/services/smbd.service...
today at 6:23 PM INFO: smbd PID exists; removing...
today at 6:23 PM removed '/run/samba/smbd.pid'
today at 6:23 PM INFO: entrypoint complete; executing 's6-svscan /etc/s6'
today at 6:23 PM dbus socket not yet available; sleeping...
today at 6:23 PM nmbd version 4.12.2 started.
today at 6:23 PM Copyright Andrew Tridgell and the Samba Team 1992-2020
today at 6:23 PM lp_load_ex: refreshing parameters
today at 6:23 PM Initialising global parameters
today at 6:23 PM Processing section "[global]"
today at 6:23 PM Registered MSG_REQ_POOL_USAGE
today at 6:23 PM Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
today at 6:23 PM lp_load_ex: refreshing parameters
today at 6:23 PM Initialising global parameters
today at 6:23 PM Processing section "[global]"
today at 6:23 PM services not loaded
today at 6:23 PM standard input is not a socket, assuming -D option
today at 6:23 PM Becoming a daemon.
today at 6:23 PM Registered MSG_REQ_POOL_USAGE
today at 6:23 PM Opening sockets 137
today at 6:23 PM open_sockets: Broadcast sockets opened.
today at 6:23 PM added interface eth0 ip=192.168.60.100 bcast=192.168.60.255 netmask=255.255.255.0
today at 6:23 PM making subnet name:192.168.60.100 Broadcast address:192.168.60.255 Subnet mask:255.255.255.0
today at 6:23 PM making subnet name:UNICAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0
today at 6:23 PM making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0
today at 6:23 PM Loaded hosts file /etc/samba/lmhosts
today at 6:23 PM add_name_to_subnet: Added netbios name *<00> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet 192.168.60.100
today at 6:23 PM add_name_to_subnet: Added netbios name *<20> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet 192.168.60.100
today at 6:23 PM add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet 192.168.60.100
today at 6:23 PM add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet 192.168.60.100
today at 6:23 PM create_server_on_workgroup: Created server entry TIMEMACHINE of type 40819a03 (Samba 4.12.2) on workgroup WORKGROUP.
today at 6:23 PM initiate_myworkgroup_startup: Added server name entry TIMEMACHINE on subnet 192.168.60.100
today at 6:23 PM add_name_to_subnet: Added netbios name *<00> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet UNICAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name *<20> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet UNICAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet UNICAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet UNICAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name TIMEMACHINE<20> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet UNICAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name TIMEMACHINE<03> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet UNICAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name TIMEMACHINE<00> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet UNICAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name WORKGROUP<00> with first IP 192.168.60.100 ttl=0 nb_flags=80 to subnet UNICAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name WORKGROUP<1e> with first IP 192.168.60.100 ttl=0 nb_flags=80 to subnet UNICAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name *<00> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet REMOTE_BROADCAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name *<20> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet REMOTE_BROADCAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name __SAMBA__<20> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet REMOTE_BROADCAST_SUBNET
today at 6:23 PM add_name_to_subnet: Added netbios name __SAMBA__<00> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet REMOTE_BROADCAST_SUBNET
today at 6:23 PM daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
today at 6:23 PM send_host_announcement: type 819a03 for host TIMEMACHINE on subnet 192.168.60.100 for workgroup WORKGROUP
today at 6:23 PM smbd version 4.12.2 started.
today at 6:23 PM Copyright Andrew Tridgell and the Samba Team 1992-2020
today at 6:23 PM uid=0 gid=0 euid=0 egid=0
today at 6:23 PM lp_load_ex: refreshing parameters
today at 6:23 PM Initialising global parameters
today at 6:23 PM Processing section "[global]"
today at 6:23 PM Registered MSG_REQ_POOL_USAGE
today at 6:23 PM Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
today at 6:23 PM lp_load_ex: refreshing parameters
today at 6:23 PM Initialising global parameters
today at 6:23 PM Processing section "[global]"
today at 6:23 PM Processing section "[TimeMachine]"
today at 6:23 PM adding IPC service
today at 6:23 PM added interface eth0 ip=192.168.60.100 bcast=192.168.60.255 netmask=255.255.255.0
today at 6:23 PM loaded services
today at 6:23 PM INFO: Profiling support unavailable in this build.
today at 6:23 PM Standard input is not a socket, assuming -D option
today at 6:23 PM Becoming a daemon.
today at 6:23 PM Registered MSG_REQ_POOL_USAGE
today at 6:23 PM No builtin backend found, trying to load plugin
today at 6:23 PM load_module_absolute_path: Module '/usr/lib/samba/pdb/tdbsam.so' loaded
today at 6:23 PM pid_to_procid: messaging_dgm_get_unique failed: No such file or directory
today at 6:23 PM Registered MSG_REQ_POOL_USAGE
today at 6:23 PM Registered MSG_REQ_POOL_USAGE
today at 6:23 PM Failed to fetch domain sid for WORKGROUP
today at 6:23 PM Initialise the svcctl registry keys if needed.
today at 6:23 PM Initialise the eventlog registry keys if needed.
today at 6:23 PM register_rpc_module: Successfully added RPC module 'mdssvc'
today at 6:23 PM daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
today at 6:23 PM start_background_queue: Starting background LPQ thread
today at 6:23 PM Failed to fetch record!
today at 6:23 PM waiting for connections
today at 6:23 PM Registered MSG_REQ_POOL_USAGE
today at 6:23 PM reloading printcap cache
today at 6:23 PM pcap_cache_reload: skipping reload - load printers disabled
today at 6:23 PM Found user 'avahi' (UID 86) and group 'avahi' (GID 86).
today at 6:23 PM Successfully dropped root privileges.
today at 6:23 PM avahi-daemon 0.8 starting up.
today at 6:23 PM WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
today at 6:23 PM Loading service file /etc/avahi/services/smbd.service.
today at 6:23 PM Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.60.100.
today at 6:23 PM New relevant interface eth0.IPv4 for mDNS.
today at 6:23 PM Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
today at 6:23 PM New relevant interface lo.IPv4 for mDNS.
today at 6:23 PM Network interface enumeration completed.
today at 6:23 PM Registering new address record for 192.168.60.100 on eth0.IPv4.
today at 6:23 PM Registering new address record for 127.0.0.1 on lo.IPv4.
today at 6:23 PM Server startup complete. Host name is TimeMachine.local. Local service cookie is 1456743550.
today at 6:23 PM Service "TimeMachine" (/etc/avahi/services/smbd.service) successfully established.
today at 6:23 PM add_name_to_subnet: Added netbios name TIMEMACHINE<20> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet 192.168.60.100
today at 6:23 PM add_name_to_subnet: Added netbios name TIMEMACHINE<03> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet 192.168.60.100
today at 6:23 PM add_name_to_subnet: Added netbios name TIMEMACHINE<00> with first IP 192.168.60.100 ttl=0 nb_flags= 0 to subnet 192.168.60.100
today at 6:23 PM add_name_to_subnet: Added netbios name WORKGROUP<00> with first IP 192.168.60.100 ttl=0 nb_flags=80 to subnet 192.168.60.100
today at 6:23 PM add_name_to_subnet: Added netbios name WORKGROUP<1e> with first IP 192.168.60.100 ttl=0 nb_flags=80 to subnet 192.168.60.100
today at 6:23 PM check_for_master_browser_fail: Forcing election on workgroup WORKGROUP subnet 192.168.60.100
today at 6:23 PM check_elections: >>> Starting election for workgroup WORKGROUP on subnet 192.168.60.100 <<<
today at 6:23 PM write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat
today at 6:23 PM send_election_dgram: Sending election packet for workgroup WORKGROUP on subnet 192.168.60.100
  timemachine:
    image: mbentley/timemachine:smb
    container_name: timemachine
    hostname: TimeMachine
    restart: unless-stopped
    networks:
      timeMachine:
        ipv4_address: 192.168.60.100
    ports:
      - "1137:137/udp"
      - "1138:138/udp"
      - "1139:139"
      - "446:445"
    volumes:
      - /mnt/zfs/data/timemachine:/opt/timemachine
      - timemachine-var-lib-samba:/var/lib/samba
      - timemachine-var-cache-samba:/var/cache/samba
      - timemachine-run-samba:/run/samba
    environment:
      - CUSTOM_SMB_CONF=false
      - CUSTOM_USER=false
      - LOG_LEVEL=info
      - EXTERNAL_CONF=
      - HIDE_SHARES=no
      - MIMIC_MODEL=TimeCapsule8,119
      - TM_USERNAME=timemachine
      - TM_GROUPNAME=timemachine
      - TM_UID=1000
      - TM_GID=1000
      - PASSWORD=timemachine
      - SET_PERMISSIONS=false
      - SHARE_NAME=TimeMachine
      - SMB_PORT=445
      - VOLUME_SIZE_LIMIT=0
      - WORKGROUP=WORKGROUP
      - DEBUG_LEVEL=3
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
  timeMachine:
    ipam:
      config:
        - subnet: 192.168.60.0/24
    name: timeMachine
    driver: macvlan
    driver_opts:
      com.docker.network.bridge.name: timeMachine
      parent: ens18

[Feature]: Import passwords as NTLM hashes

I've been using dperson/samba which has a function to import smb passwd database. Since I think setting the Unix password to be the same shouldn't be necessary, I was wondering if it's possible to add the ability to import the users from the smb passwd export file.
Relevant code:

    while read name id; do
        grep -q "^$name:" /etc/passwd || adduser -D -H -u "$id" "$name"
    done < <(cut -d: -f1,2 $file | sed 's/:/ /')
    pdbedit -i smbpasswd:$file

This will make moving passwords around a tiny bit safer. I can probably help if there is interest
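
The loop quoted above hands every name and UID found in the export straight to adduser, so a malformed or altered file could create an account with a system UID. The following is an added example (not code from dperson/samba or mbentley/timemachine) that vets the file first and imports all-or-nothing; the record layout, the MIN_UID floor of 1000, the user-name pattern and all function names are assumptions.

```shell
#!/bin/sh
# Added example: vet an smbpasswd-format export before any account is created.
# Assumed record layout: name:uid:LM hash:NT hash:[flags]:LCT-xxxxxxxx:

# Print "name uid" for each acceptable record; return 1 if any record is rejected.
check_smbpasswd() {
    LC_ALL=C awk -F: -v min_uid="${MIN_UID:-1000}" '
        function bad(why) {
            # Log the line number only; the record itself holds password hashes.
            printf "line %d rejected: %s\n", NR, why > "/dev/stderr"
            failed = 1
        }
        /^#/ || /^[ \t]*$/ { next }   # comments and blank lines
        {
            name = $1; uid = $2; lm = $3; nt = $4
            if (NF < 6)
                bad("expected 6 colon-separated fields")
            else if (name !~ /^[a-z_][a-z0-9_-]*$/ || length(name) > 32)
                bad("user name outside [a-z_][a-z0-9_-]*")
            else if (uid !~ /^[1-9][0-9]*$/ || length(uid) > 9 || uid + 0 < min_uid)
                bad("UID not numeric or below " min_uid)
            else if (length(lm) != 32 || lm !~ /^[0-9A-FX]+$/)
                bad("malformed LM field")
            else if (length(nt) != 32 || nt !~ /^[0-9A-F]+$/)
                bad("malformed NT field")
            else if (name in seen)
                bad("duplicate user name")
            else {
                seen[name] = 1
                print name, uid
            }
        }
        END { exit failed + 0 }
    ' "$1"
}

# Create missing Unix accounts, then load the Samba hashes. All-or-nothing:
# one rejected record aborts the import. Needs root, adduser and pdbedit.
import_smbpasswd() {
    file=$1
    users=$(check_smbpasswd "$file") || {
        echo "refusing to import $file" >&2
        return 1
    }
    printf '%s\n' "$users" | while read -r name id; do
        [ -n "$name" ] || continue
        # Same adduser call as the loop quoted in the issue (BusyBox syntax).
        grep -q "^$name:" /etc/passwd || adduser -D -H -u "$id" "$name"
    done
    pdbedit -i "smbpasswd:$file"
}

# Constructed sample data: placeholder hash values, not real credentials.
x8=XXXXXXXX;          NO_LM=$x8$x8$x8$x8     # LM field filled with 32 X characters
h16=0123456789ABCDEF; FAKE_NT=$h16$h16       # 32 hex digits

write_good_sample() {
    cat > "$1" <<EOF
# constructed export
alice:1001:$NO_LM:$FAKE_NT:[U          ]:LCT-5F8D2A10:
bob:1002:$NO_LM:$FAKE_NT:[U          ]:LCT-5F8D2A10:
EOF
}

write_bad_sample() {
    cat > "$1" <<EOF
carol:1003:$NO_LM:$FAKE_NT:[U          ]:LCT-5F8D2A10:
root:0:$NO_LM:$FAKE_NT:[U          ]:LCT-5F8D2A10:
dave;x:1004:$NO_LM:$FAKE_NT:[U          ]:LCT-5F8D2A10:
erin:1005:$NO_LM:short:[U          ]:LCT-5F8D2A10:
EOF
}

# Demo on constructed input: the bad sample is rejected as a whole.
demo=$(mktemp)
write_bad_sample "$demo"
check_smbpasswd "$demo" >/dev/null || echo "export rejected: no account created"
rm -f "$demo"
```

Only `check_smbpasswd` runs in the demo; `import_smbpasswd` is defined but not called because it needs root inside the container.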

add additional shares

Would be nice to see /etc/netatalk/afp.conf mountable/overridden from host so that additional shares could be added.

On my old NAS, it used an include = to add additional shares. Maybe this could be an easy way for users to add. Leave the default afp.conf as-is, but add an additional shares.conf which is empty by default, but user could do -v /path/shares.conf:/etc/netatalk/shares.conf for extras.

Thoughts?

ready-start for smb + few more ideas

Just wondering: maybe it makes sense to organize the files and give an easier start with SMB?

mv timemachine-compose.yml docker-compose.afp
cp docker-compose.afp docker-compose.smb
vi docker-compose.smb    # fix some things, like image...
ln -s docker-compose.afp docker-compose.yml    # [as current default]

And in the README you can point the symlink either this way or the other way. Example inspired by the current Dockerfile example in this dir.

P.S.,

  1. After using the /user mount for generating configurations, it would be great to remove it from the live instance. Security reasons, common standard or something.
  2. HIDE_SHARES - you might turn it on by default; it's something you can turn around anytime but you don't want to have it on by default on timemachine anyways.
  3. Ignore filename~, .hidden files, .swp and other tmp files in custom-users files. Maybe a certain pattern would be safer? name.conf or something?
  4. Not-configured params: tested, you still need to configure all fields for every account separately. But it makes sense to generate UID and GID but in the Samba conf force reads/writes with a certain UID/GID, especially for HOST-specific cases from the timemachine perspective. Otherwise it might mess up the master storage drive, and it's easier to configure if you don't have to copy-paste them to all files. I do remember that Samba had special parameters for that...

update:
force user = ...
force group = ...
specify for each share

Use case / test results / future request re: custom_user

OK, I'm confused but not stuck -- I suppose.

I've got a use case that doesn't quite fit the configuration here.

  1. I had a user "timemachine" on my local machine, part of group "backups" UID=1105 / GID = 1105
  2. Every docker service I run with user level account UID = 1000 / GID = 1000
    --> I would prefer to re-use this existing user on my machine and not have this container create a new user.
    --> I'm not prepared to bind certain (unfamiliar) directories to make this happen.

Test attempts below. TL;DR: OK to have username collide with existing username, provided you keep CUSTOM_USER as false and choose a GID that conforms to a GID for existing username, but not GID=UID for said username, which is unusual.

Future request: change CUSTOM_USER to accept 4 cases:

  • false: just do your thing, but recall from testing below that UID 1000 / GID 1000 didn't work so something needs a tweak
  • existing: user supplies an existing linux user account and the information is replicated in smb / avahi as appropriate
  • bound: user supplies own linux account and binds things per your specifications
  • group: handle the situation where user wants lots of user accounts to be able to log in. Just seems simpler than handling two binaries in the config, but, hey: it is your pizza store (movie reference)

Thx!

---------- TEST RESULTS -----------

Case 1 - invent new user 'foobar' and try otherwise stock configuration: CUSTOM_USER=false; TM_USERNAME=foobar; TM_GROUPNAME=foobar; password=password; UID = 1000; GID = 1000

docker-compose logs look good, but it is impossible to log into the server: foobar / password doesn't work; foobar / '' doesn't work. Also note the line for "not setting ownership and permissions for /opt/foobar" -- is that right?

docker-compose logs timemachine
timemachine | INFO: CUSTOM_SMB_CONF=false; generating [global] section of /etc/samba/smb.conf...
timemachine | Creating /var/log/samba/cores
timemachine | INFO: Avahi - generating base configuration in /etc/avahi/services/smbd.service...
timemachine | INFO: Avahi - adding the 'dk0', 'Veronica TM Server' share txt-record to /etc/avahi/services/smbd.service...
timemachine | INFO: Group foobar doesn't exist; creating...
timemachine | INFO: User foobar doesn't exist; creating...
timemachine | INFO: Setting password from environment variable
timemachine | chpasswd: password for 'foobar' changed
timemachine | INFO: INFO: CUSTOM_SMB_CONF=false; generating [Veronica TM Server] section of /etc/samba/smb.conf...
timemachine | INFO: Samba - Created User foobar password set to none.
timemachine | INFO: Samba - Enabled user foobar.
timemachine | INFO: Samba - setting password
timemachine | INFO: SET_PERMISSIONS=false; not setting ownership and permissions for /opt/foobar
timemachine | INFO: Avahi - completing the configuration in /etc/avahi/services/smbd.service...
timemachine | INFO: entrypoint complete; executing 's6-svscan /etc/s6'
timemachine | dbus socket not yet available; sleeping...
timemachine | nmbd version 4.12.7 started.
timemachine | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine | daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
timemachine | smbd version 4.12.7 started.
timemachine | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine | INFO: Profiling support unavailable in this build.
timemachine | daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
timemachine | Failed to fetch record!
timemachine | Found user 'avahi' (UID 86) and group 'avahi' (GID 86).
timemachine | Successfully dropped root privileges.
timemachine | avahi-daemon 0.8 starting up.
timemachine | WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
timemachine | Loading service file /etc/avahi/services/smbd.service.
timemachine | Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.16.
timemachine | New relevant interface eth0.IPv4 for mDNS.
timemachine | Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
timemachine | New relevant interface lo.IPv4 for mDNS.
timemachine | Network interface enumeration completed.
timemachine | Registering new address record for 192.168.1.16 on eth0.IPv4.
timemachine | Registering new address record for 127.0.0.1 on lo.IPv4.
timemachine | Server startup complete. Host name is Veronica-TM.local. Local service cookie is 1294941489.
timemachine | Service "Veronica-TM" (/etc/avahi/services/smbd.service) successfully established.

Case 2: intentionally collide with existing user timemachine, group timemachine but without declaring a custom_user (keep as false); all else the same from above.

Seemingly works, but again cannot log in with known good linux username / password

Attaching to timemachine
timemachine | INFO: CUSTOM_SMB_CONF=false; generating [global] section of /etc/samba/smb.conf...
timemachine | Creating /var/log/samba/cores
timemachine | INFO: Avahi - generating base configuration in /etc/avahi/services/smbd.service...
timemachine | INFO: Avahi - adding the 'dk0', 'Veronica TM Server' share txt-record to /etc/avahi/services/smbd.service...
timemachine | INFO: Group timemachine doesn't exist; creating...
timemachine | INFO: User timemachine doesn't exist; creating...
timemachine | INFO: Setting password from environment variable
timemachine | chpasswd: password for 'timemachine' changed
timemachine | INFO: INFO: CUSTOM_SMB_CONF=false; generating [Veronica TM Server] section of /etc/samba/smb.conf...
timemachine | INFO: Samba - Created User timemachine password set to none.
timemachine | INFO: Samba - Enabled user timemachine.
timemachine | INFO: Samba - setting password
timemachine | INFO: SET_PERMISSIONS=false; not setting ownership and permissions for /opt/timemachine
timemachine | INFO: Avahi - completing the configuration in /etc/avahi/services/smbd.service...
timemachine | INFO: entrypoint complete; executing 's6-svscan /etc/s6'
timemachine | dbus socket not yet available; sleeping...
timemachine | nmbd version 4.12.7 started.
timemachine | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine | daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
timemachine | smbd version 4.12.7 started.
timemachine | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine | INFO: Profiling support unavailable in this build.
timemachine | daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
timemachine | Failed to fetch record!
timemachine | Found user 'avahi' (UID 86) and group 'avahi' (GID 86).
timemachine | Successfully dropped root privileges.
timemachine | avahi-daemon 0.8 starting up.
timemachine | WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
timemachine | Loading service file /etc/avahi/services/smbd.service.
timemachine | Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.16.
timemachine | New relevant interface eth0.IPv4 for mDNS.
timemachine | Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
timemachine | New relevant interface lo.IPv4 for mDNS.
timemachine | Network interface enumeration completed.
timemachine | Registering new address record for 192.168.1.16 on eth0.IPv4.
timemachine | Registering new address record for 127.0.0.1 on lo.IPv4.
timemachine | Server startup complete. Host name is Veronica-TM.local. Local service cookie is 3803798048.
timemachine | Service "Veronica-TM" (/etc/avahi/services/smbd.service) successfully established.

Case 3: intentional collision (username = existing linux username 'timemachine') but now set UID and GID to 1105, which are the right UID and GID for id timemachine, sez my linux box.

no dice -- again cannot log in. Output the same

Case 4: intentional collision (username = existing linux username 'timemachine') but now set UID and GID to 1100, which is an odd UID (there is no UID 1100 on my system), but it is the GID for (existing) group backups.

Worked. I can now log in. I lucked into this setup last night and had to test my way back to it today.
BUT -- linux owner is now '1100' ?!

timemachine | INFO: CUSTOM_SMB_CONF=false; generating [global] section of /etc/samba/smb.conf...
timemachine | Creating /var/log/samba/cores
timemachine | INFO: Avahi - generating base configuration in /etc/avahi/services/smbd.service...
timemachine | INFO: Avahi - adding the 'dk0', 'Veronica TM Server' share txt-record to /etc/avahi/services/smbd.service...
timemachine | INFO: Group timemachine doesn't exist; creating...
timemachine | INFO: User timemachine doesn't exist; creating...
timemachine | INFO: Setting password from environment variable
timemachine | chpasswd: password for 'timemachine' changed
timemachine | INFO: INFO: CUSTOM_SMB_CONF=false; generating [Veronica TM Server] section of /etc/samba/smb.conf...
timemachine | INFO: Samba - Created User timemachine password set to none.
timemachine | INFO: Samba - Enabled user timemachine.
timemachine | INFO: Samba - setting password
timemachine | INFO: SET_PERMISSIONS=false; not setting ownership and permissions for /opt/timemachine
timemachine | INFO: Avahi - completing the configuration in /etc/avahi/services/smbd.service...
timemachine | INFO: smbd PID exists; removing...
timemachine | removed '/run/samba/smbd.pid'
timemachine | INFO: entrypoint complete; executing 's6-svscan /etc/s6'
timemachine | dbus socket not yet available; sleeping...
timemachine | nmbd version 4.12.7 started.
timemachine | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine | daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
timemachine | smbd version 4.12.7 started.
timemachine | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine | INFO: Profiling support unavailable in this build.
timemachine | daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
timemachine | Failed to fetch record!
timemachine | Found user 'avahi' (UID 86) and group 'avahi' (GID 86).
timemachine | Successfully dropped root privileges.
timemachine | avahi-daemon 0.8 starting up.
timemachine | WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
timemachine | Loading service file /etc/avahi/services/smbd.service.
timemachine | Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.16.
timemachine | New relevant interface eth0.IPv4 for mDNS.
timemachine | Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
timemachine | New relevant interface lo.IPv4 for mDNS.
timemachine | Network interface enumeration completed.
timemachine | Registering new address record for 192.168.1.16 on eth0.IPv4.
timemachine | Registering new address record for 127.0.0.1 on lo.IPv4.
timemachine | Server startup complete. Host name is Veronica-TM.local. Local service cookie is 2166607592.
timemachine | Service "Veronica-TM" (/etc/avahi/services/smbd.service) successfully established.
timemachine | Failed to fetch record!
timemachine | pcap cache not loaded
timemachine | *****
timemachine |
timemachine | Samba name server VERONICA-TM is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.16
timemachine |
timemachine | *****

Case 5: intentional collision; keep UID / GID the same as previous case; try CUSTOM_USER = true

Cannot connect. Fails to find Unix account for timemachine!

timemachine | INFO: CUSTOM_SMB_CONF=false; generating [global] section of /etc/samba/smb.conf...
timemachine | Creating /var/log/samba/cores
timemachine | INFO: Avahi - generating base configuration in /etc/avahi/services/smbd.service...
timemachine | INFO: Avahi - adding the 'dk0', 'Veronica TM Server' share txt-record to /etc/avahi/services/smbd.service...
timemachine | INFO: CUSTOM_USER=true; skipping user, group, and data directory creation; using pre-existing values in /etc/passwd, /etc/group, and /etc/shadow
timemachine | INFO: CUSTOM_SMB_CONF=false; generating [Veronica TM Server] section of /etc/samba/smb.conf...
timemachine | Failed to find a Unix account for timemachine
timemachine | Failed to find a Unix account for timemachine
timemachine | INFO: Samba - Created User timemachine password set to none.
timemachine | Failed to find a Unix account for timemachine
timemachine | Failed to find a Unix account for timemachine
timemachine | Failed to find a Unix account for timemachine
timemachine | INFO: Samba - Enabled user timemachine.
timemachine | INFO: Samba - setting password
timemachine | Failed to find a Unix account for timemachine
timemachine | Failed to find a Unix account for timemachine
timemachine | INFO: SET_PERMISSIONS=false; not setting ownership and permissions for /opt/timemachine
timemachine | INFO: Avahi - completing the configuration in /etc/avahi/services/smbd.service...
timemachine | INFO: smbd PID exists; removing...
timemachine | removed '/run/samba/smbd.pid'
timemachine | INFO: entrypoint complete; executing 's6-svscan /etc/s6'
timemachine | dbus socket not yet available; sleeping...
timemachine | nmbd version 4.12.7 started.
timemachine | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine | daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
timemachine | smbd version 4.12.7 started.
timemachine | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine | INFO: Profiling support unavailable in this build.
timemachine | daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
timemachine | Failed to fetch record!
timemachine | Found user 'avahi' (UID 86) and group 'avahi' (GID 86).
timemachine | Successfully dropped root privileges.
timemachine | avahi-daemon 0.8 starting up.
timemachine | WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
timemachine | Loading service file /etc/avahi/services/smbd.service.
timemachine | Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.16.
timemachine | New relevant interface eth0.IPv4 for mDNS.
timemachine | Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
timemachine | New relevant interface lo.IPv4 for mDNS.
timemachine | Network interface enumeration completed.
timemachine | Registering new address record for 192.168.1.16 on eth0.IPv4.
timemachine | Registering new address record for 127.0.0.1 on lo.IPv4.
timemachine | Server startup complete. Host name is Veronica-TM.local. Local service cookie is 3836076221.
timemachine | Service "Veronica-TM" (/etc/avahi/services/smbd.service) successfully established.

Rounding issues with free space

I created a partition on my NAS for TM backups.

/dev/mapper/bigstorage--vg-timemachine  250G   15G  236G   6% /opt/timemachine

Then I launched the docker with the following:

-e VOLUME_SIZE_LIMIT="250000"

When I add the disk to TM on the mac, it says "247 GB of 262 GB available". Where is the rounding/math error? If I set VOLUME_SIZE_LIMIT to 0, then TM on mac says "Zero GB of --- available". Is that correct? If I set to 0, will it default limit to size of partition?

Speed of Transfer

Any recommendations for transfer speed? Mine is capped at 4-5MB/s on 5GHz channel and Time Machine hardwired. Regular upload to server I can pull up to 40MB/s with like a movie.

macOS Big Sur finder hangs sometimes

I configured timemachine docker image on Ubuntu 20.04 VM (hyper-v) with 2Tb drive

timemachine:
  image: mbentley/timemachine
  container_name: timemachine
  environment: 
    PASSWORD: P@ssw0rd
    TM_USERNAME: timemachine
    TM_GROUPNAME: timemachine
    TM_UID: 1000
    TM_GID: 1000
    SHARE_NAME: "Time Machine"
  volumes:
    - /mnt/timecapsule1/macbookbackup:/opt/timemachine
  network_mode: host
  restart: always

Sometimes when I open Finder it hangs for 5-15 sec. It happens only when the timemachine container is running.
I suppose Finder connects to the network drive at this time.
When the 'Time Machine' share appears in Finder it becomes OK. Very annoying because I can't use Finder for those 15 seconds every time.

How can it be fixed?

Thank you!

No issue, it runs perfectly, just wanted to say thank you for this! It gave a new life to my old Linux machine, backing up my Mac ;) Really appreciated. Please close this when you see

Unable to accept connections after the last change?

I have a script to recreate and run the container, and recently the container started refusing connections (from all clients: Windows, macOS, Linux).
I don't think the latest changes have anything to do with it, but just wondering in case. I will start troubleshooting.

My script

docker rm -f timemachine
docker run -d \
  --restart always \
  --name timemachine \
  -h timemachine \
  --net macnet32 \
  --ip 192.168.2.200 \
  -e CUSTOM_SMB_CONF="false" \
  -e CUSTOM_USER="false" \
  -e DEBUG_LEVEL="1" \
  -e MIMIC_MODEL="TimeCapsule8,119" \
  -e HIDE_SHARES="no" \
  -e TM_USERNAME="timemachine" \
  -e TM_GROUPNAME="timemachine" \
  -e TM_UID="1000" \
  -e TM_GID="1000" \
  -e PASSWORD="timemachine" \
  -e SET_PERMISSIONS="false" \
  -e SHARE_NAME="TimeMachine" \
  -e SMB_PORT="445" \
  -e VOLUME_SIZE_LIMIT="0" \
  -e WORKGROUP="WORKGROUP" \
  -v /Backup/timemachine/TimeMachine:/opt/timemachine \
  -v /Backup/timemachine/TM_Config/var-lib-samba:/var/lib/samba \
  -v /Backup/timemachine/TM_Config/var-cache-samba:/var/cache/samba \
  -v /Backup/timemachine/TM_Config/run-samba:/run/samba \
  mbentley/timemachine:smb

Sample error:
image

'Network backup disk cannot be accessed' with default config

Hi,

We're currently running into some trouble getting TimeMachine to backup to a remote Linux (CentOS8) server, specifically the errors below:
The network backup disk could not be accessed because there was a problem with the network username or password. You may need to re-select the backup disk and enter the correct username and password. --> From TimeMachine itself
and

Failed to fetch record!
pcap cache not loaded
error in mds_init_ctx for: /opt/timemachine
_mdssvc_open: Couldn't create policy handle for timemachine

in the logs of the timemachine Docker container. Those last two lines repeat each time we try to backup from TimeMachine.

  • All config is kept default (without Avahi discovery); User/pw should both be 'timemachine'
  • We can connect to the share with cmd+K in Finder (using timemachine/timemachine)
  • Error happens when TimeMachine tries to backup
  • Due to some company VPN & firewall stuff, we're connecting to the SMB port on the remote Linux server using ssh -L from a Mac (possible cause?)

We've checked whether permissions on the server are setup right (they seem to be), and searching the particular errors separately on SMB questions/fora does not seem to get us tangible results or leads to debug further. Does anyone have an idea what we're running into here?

[Big Sur Beta 7] There was an error configuring “/Volumes/***” as a Time Machine backup disk.

Hi there!

Thanks for this really cool project! I have it working really well on one of my machines :)

However, on my other machine (Which is actually running the Big Sur beta) I am unable to get this to work. I get the following error message after going to time machine, choosing the correct share for my user, and entering the details correctly:

There was an error configuring “/Volumes/***” as a Time Machine backup disk.

*** is a substitution for the actual share's name

On my Catalina machine, it works really well. It connected no worries, and it's currently creating its first backup now :)

I wouldn't really know where to start debugging this, so this is where I am asking for a bit of help, here are some logs from the container itself, they perhaps point towards a problem?:

timemachine     | ===============================================================
timemachine     | INTERNAL ERROR: Signal 11 in pid 58 (4.12.2)
timemachine     | If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
timemachine     | ===============================================================
timemachine     | PANIC (pid 58): internal error
timemachine     | unable to produce a stack trace on this platform
timemachine     | dumping core in /var/log/samba/cores/smbd
timemachine     | ===============================================================
timemachine     | INTERNAL ERROR: Signal 11 in pid 67 (4.12.2)
timemachine     | If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
timemachine     | ===============================================================
timemachine     | PANIC (pid 67): internal error
timemachine     | unable to produce a stack trace on this platform
timemachine     | dumping core in /var/log/samba/cores/smbd
timemachine     | ===============================================================
timemachine     | INTERNAL ERROR: Signal 11 in pid 87 (4.12.2)
timemachine     | If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
timemachine     | ===============================================================
timemachine     | PANIC (pid 87): internal error
timemachine     | unable to produce a stack trace on this platform
timemachine     | dumping core in /var/log/samba/cores/smbd
timemachine     | Failed to fetch record!
timemachine     | pcap cache not loaded
timemachine     | ===============================================================
timemachine     | INTERNAL ERROR: Signal 11 in pid 94 (4.12.2)
timemachine     | If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
timemachine     | ===============================================================
timemachine     | PANIC (pid 94): internal error
timemachine     | unable to produce a stack trace on this platform
timemachine     | dumping core in /var/log/samba/cores/smbd
timemachine     | smb2_validate_sequence_number: smb2_validate_sequence_number: bad message_id 3 (sequence id 3) (granted = 1, low = 2, range = 1)
timemachine     | ===============================================================
timemachine     | INTERNAL ERROR: Signal 11 in pid 110 (4.12.2)
timemachine     | If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
timemachine     | ===============================================================
timemachine     | PANIC (pid 110): internal error
timemachine     | unable to produce a stack trace on this platform
timemachine     | dumping core in /var/log/samba/cores/smbd
timemachine     | ===============================================================
timemachine     | INTERNAL ERROR: Signal 11 in pid 118 (4.12.2)
timemachine     | If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
timemachine     | ===============================================================
timemachine     | PANIC (pid 118): internal error
timemachine     | unable to produce a stack trace on this platform
timemachine     | dumping core in /var/log/samba/cores/smbd

And in case it is needed: My docker-compose.yaml file:

version: "2.1"
services:
  time-machine:
    image: mbentley/timemachine:smb-armv7l
    container_name: timemachine
    network_mode: host
    environment:
      - SHARE_NAME=TimeMachine
      - EXTERNAL_CONF=/conf
    volumes:
      - /home/jacob/Time-Machine/users:/conf
      - /home/jacob/Time-Machine/timemachine/var-lib-samba:/var/lib/samba
      - /home/jacob/Time-Machine/timemachine/var-cache-samba:/var/cache/samba
      - /home/jacob/Time-Machine/timemachine/run-samba:/run/samba
      - /mnt/cache/Time-Machine/*:/opt/*
      - /mnt/cache/Time-Machine/*:/opt/*

The .conf file for the specific user:

TM_USERNAME=*
TM_GROUPNAME=*group
PASSWORD=***
SHARE_NAME=*s-timemachine
VOLUME_SIZE_LIMIT="300 G"
TM_UID=1000
TM_GID=1000

A few substitutions for the names, I have checked and made sure everything is right

I am not too familiar with Samba and with how Time Machine specifically works, so perhaps someone would be able to point me in the right direction? Happy to do any debugging steps or provide any logs :)

I appreciate the help! And cheers for the great project!

EDIT: Nice, after all my redactions still forgot something :P

Latest armv7l docker image is broken

After upgrading to the latest armv7l docker image the service doesn't come up again.

docker logs keeps posting the following output:

s6-supervise avahi: warning: can't happen: timeout while the service is up!
s6-supervise dbus: warning: can't happen: timeout while the service is up!
s6-supervise nmbd: warning: can't happen: timeout while the service is up!
s6-supervise avahi: warning: can't happen: timeout while the service is up!
s6-supervise smbd: warning: can't happen: timeout while the service is up!
s6-supervise dbus: warning: can't happen: timeout while the service is up!
s6-supervise nmbd: warning: can't happen: timeout while the service is up!
s6-supervise smbd: warning: can't happen: timeout while the service is up!
s6-supervise avahi: warning: can't happen: timeout while the service is up!

Multiple user

Thanks for this detailed docker.

I have a question, that I think is more Docker related than samba related.

I successfully managed to run your Docker (I tried one by one all smb methods). I want to implement a multiple user one. I had no problem adding a user via a .conf file. But I must be doing something wrong, because the sparsebundle is not stored in the share. I can access the share from the Mac (or from any computer on the network) but it seems the bundle is stored in a folder inside the Docker image and not on the host disk. As I said, I think this is something from Docker that I don't quite understand. If I use the find command I can find the bundle in /var/lib/docker/overlay2/etc folder.

I will continue investigating how to set users correctly.

Regards

Gonzalo

Cannot backup via TimeMachine

Container logs:

timemachine    | INFO: CUSTOM_SMB_CONF=false; generating [global] section of /etc/samba/smb.conf...
timemachine    | Creating /var/lib/samba/private
timemachine    | Creating /var/log/samba/cores
timemachine    | INFO: Avahi - generating base configuration in /etc/avahi/services/smbd.service...
timemachine    | INFO: Avahi - adding the 'dk0', 'TimeMachine' share txt-record to /etc/avahi/services/smbd.service...
timemachine    | INFO: Group timemachine doesn't exist; creating...
timemachine    | INFO: User timemachine doesn't exist; creating...
timemachine    | adduser: /opt/timemachine: Operation not permitted
timemachine    | INFO: Setting password from environment variable
timemachine    | chpasswd: password for 'timemachine' changed
timemachine    | INFO: INFO: CUSTOM_SMB_CONF=false; generating [TimeMachine] section of /etc/samba/smb.conf...
timemachine    | INFO: Samba - Created Added user timemachine.
timemachine    | INFO: Samba - Enabled user timemachine.
timemachine    | INFO: Samba - setting password
timemachine    | INFO: changed ownership of '/opt/timemachine' to 1000:1000
timemachine    | INFO: mode of '/opt/timemachine' changed to 0770 (rwxrwx---)
timemachine    | INFO: Avahi - completing the configuration in /etc/avahi/services/smbd.service...
timemachine    | INFO: entrypoint complete; executing 's6-svscan /etc/s6'
timemachine    | dbus socket not yet available; sleeping...
timemachine    | nmbd version 4.12.2 started.
timemachine    | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine    | daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
timemachine    | smbd version 4.12.2 started.
timemachine    | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine    | INFO: Profiling support unavailable in this build.
timemachine    | daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
timemachine    | Failed to fetch record!
timemachine    | Found user 'avahi' (UID 86) and group 'avahi' (GID 86).
timemachine    | Successfully dropped root privileges.
timemachine    | avahi-daemon 0.8 starting up.
timemachine    | WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
timemachine    | Loading service file /etc/avahi/services/smbd.service.
timemachine    | Joining mDNS multicast group on interface vethd0fd8e7.IPv6 with address fe80::a812:11ff:fed4:2811.
timemachine    | New relevant interface vethd0fd8e7.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface vethb4ba001.IPv6 with address fe80::5c18:dfff:fe0a:1d3a.
timemachine    | New relevant interface vethb4ba001.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface veth26a35bb.IPv6 with address fe80::dcfc:c5ff:fe75:dae4.
timemachine    | New relevant interface veth26a35bb.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface vethc892722.IPv6 with address fe80::8cfb:68ff:fe7b:e8bd.
timemachine    | New relevant interface vethc892722.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface veth618dc9c.IPv6 with address fe80::b083:3aff:fedb:dbaf.
timemachine    | New relevant interface veth618dc9c.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface br-506b291c962e.IPv6 with address fe80::42:7cff:fe9e:aadc.
timemachine    | New relevant interface br-506b291c962e.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface br-506b291c962e.IPv4 with address 172.22.0.1.
timemachine    | New relevant interface br-506b291c962e.IPv4 for mDNS.
timemachine    | Joining mDNS multicast group on interface br-db24fca680d9.IPv6 with address fe80::42:ffff:fe31:5e66.
timemachine    | New relevant interface br-db24fca680d9.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface br-db24fca680d9.IPv4 with address 172.21.0.1.
timemachine    | New relevant interface br-db24fca680d9.IPv4 for mDNS.
timemachine    | Joining mDNS multicast group on interface br-d56ad1500bb5.IPv6 with address fe80::42:2cff:feb3:c265.
timemachine    | New relevant interface br-d56ad1500bb5.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface br-d56ad1500bb5.IPv4 with address 172.20.0.1.
timemachine    | New relevant interface br-d56ad1500bb5.IPv4 for mDNS.
timemachine    | Joining mDNS multicast group on interface docker0.IPv4 with address 172.17.0.1.
timemachine    | New relevant interface docker0.IPv4 for mDNS.
timemachine    | Joining mDNS multicast group on interface br-6cee78cbcb7b.IPv6 with address fe80::42:a9ff:fe1d:b303.
timemachine    | New relevant interface br-6cee78cbcb7b.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface br-6cee78cbcb7b.IPv4 with address 172.18.0.1.
timemachine    | New relevant interface br-6cee78cbcb7b.IPv4 for mDNS.
timemachine    | Joining mDNS multicast group on interface enp0s25.IPv6 with address fe80::921b:eff:fe5b:79f3.
timemachine    | New relevant interface enp0s25.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface enp0s25.IPv4 with address 192.168.178.45.
timemachine    | New relevant interface enp0s25.IPv4 for mDNS.
timemachine    | Joining mDNS multicast group on interface lo.IPv6 with address ::1.
timemachine    | New relevant interface lo.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
timemachine    | New relevant interface lo.IPv4 for mDNS.
timemachine    | Network interface enumeration completed.
timemachine    | Registering new address record for fe80::a812:11ff:fed4:2811 on vethd0fd8e7.*.
timemachine    | Registering new address record for fe80::5c18:dfff:fe0a:1d3a on vethb4ba001.*.
timemachine    | Registering new address record for fe80::dcfc:c5ff:fe75:dae4 on veth26a35bb.*.
timemachine    | Registering new address record for fe80::8cfb:68ff:fe7b:e8bd on vethc892722.*.
timemachine    | Registering new address record for fe80::b083:3aff:fedb:dbaf on veth618dc9c.*.
timemachine    | Registering new address record for fe80::42:7cff:fe9e:aadc on br-506b291c962e.*.
timemachine    | Registering new address record for 172.22.0.1 on br-506b291c962e.IPv4.
timemachine    | Registering new address record for fe80::42:ffff:fe31:5e66 on br-db24fca680d9.*.
timemachine    | Registering new address record for 172.21.0.1 on br-db24fca680d9.IPv4.
timemachine    | Registering new address record for fe80::42:2cff:feb3:c265 on br-d56ad1500bb5.*.
timemachine    | Registering new address record for 172.20.0.1 on br-d56ad1500bb5.IPv4.
timemachine    | Registering new address record for 172.17.0.1 on docker0.IPv4.
timemachine    | Registering new address record for fe80::42:a9ff:fe1d:b303 on br-6cee78cbcb7b.*.
timemachine    | Registering new address record for 172.18.0.1 on br-6cee78cbcb7b.IPv4.
timemachine    | Registering new address record for fe80::921b:eff:fe5b:79f3 on enp0s25.*.
timemachine    | Registering new address record for 192.168.178.45 on enp0s25.IPv4.
timemachine    | Registering new address record for ::1 on lo.*.
timemachine    | Registering new address record for 127.0.0.1 on lo.IPv4.
timemachine    | Server startup complete. Host name is homeserver.local. Local service cookie is 174545229.
timemachine    | Service "homeserver" (/etc/avahi/services/smbd.service) successfully established.
timemachine    | *****
timemachine    |
timemachine    | Samba name server HOMESERVER is now a local master browser for workgroup WORKGROUP on subnet 172.17.0.1
timemachine    |
timemachine    | *****
timemachine    | *****
timemachine    |
timemachine    | Samba name server HOMESERVER is now a local master browser for workgroup WORKGROUP on subnet 172.18.0.1
timemachine    |
timemachine    | *****
timemachine    | *****
timemachine    |
timemachine    | Samba name server HOMESERVER is now a local master browser for workgroup WORKGROUP on subnet 172.20.0.1
timemachine    |
timemachine    | *****
timemachine    | *****
timemachine    |
timemachine    | Samba name server HOMESERVER is now a local master browser for workgroup WORKGROUP on subnet 172.21.0.1
timemachine    |
timemachine    | *****
timemachine    | *****
timemachine    |
timemachine    | Samba name server HOMESERVER is now a local master browser for workgroup WORKGROUP on subnet 172.22.0.1
timemachine    |
timemachine    | *****
timemachine    | *****
timemachine    |
timemachine    | Samba name server HOMESERVER is now a local master browser for workgroup WORKGROUP on subnet 192.168.178.45
timemachine    |
timemachine    | *****
timemachine    | ===============================================================
timemachine    | INTERNAL ERROR: Signal 11 in pid 43 (4.12.2)
timemachine    | If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
timemachine    | ===============================================================
timemachine    | PANIC (pid 43): internal error
timemachine    | unable to produce a stack trace on this platform
timemachine    | coredump is handled by helper binary specified at /proc/sys/kernel/core_pattern
timemachine    | fruit_pwrite_meta_netatalk: ad_pwrite [46E0D046-85BF-54E5-AC90-D64CAE8AC451.sparsebundle:AFP_AfpInfo] failed

/opt/ in docker container:
image

docker-compose.yml:

version: "3.7"
services:
  timemachine:
    network_mode: "host"
    environment:
      - MIMIC_MODEL=TimeCapsule8,119
      - TM_USER=timemachine
      - TM_GROUPNAME=timemachine
      - TM_UID=1000
      - TM_GID=1000
      - PASSWORD=
      - SET_PERMISSIONS=true
      - SHARE_NAME=TimeMachine
      - WORKGROUP=WORKGROUP
    restart: unless-stopped
    ports:
     - "137:137/udp"
     - "138:138/udp"
     - "139:139"
    volumes:
     - /media/timemachine/:/opt/timemachine
     - ./var-lib-samba:/var/lib/samba
     - ./var-cache-samba:/var/cache/samba
     - ./run-samba:/run/samba
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    container_name: timemachine
    image: mbentley/timemachine:smb
    dns:
      - 1.1.1.2

I have added the "TimeCapsule" in Time Machine but I'm not able to back up on it...


Can't backup on two different machines when VOLUME_SIZE_LIMIT is enabled

When I try to use the same timemachine volume on a second MacBook Pro it fails and the log shows:

timemachine | fruit_tmsize_do_dirent: tmsize potential overflow: bandsize [67108864] nbands [1459]
timemachine | sys_disk_free: VFS disk_free failed. Error was : No error information

This doesn't occur for the first backup/machine and doesn't occur if I don't set VOLUME_SIZE_LIMIT

Raspberry writeup

I did not see any references to any raspberry writeups.

If there are any I would love to know, and so would a load of other people I reckon. ;-)

Should the healthcheck.sh fail fast or slow?

Looking at this file /healthcheck.sh, I was wondering if the health check should fail if any dbus-daemon afpd avahi-daemon processes fail, or only if all 3 have failed. It is not clear without knowing the purpose of each process.

# Initialize variables
EXITCODE="0"
PROCESSES="dbus-daemon afpd avahi-daemon"

# check to see if processes are running
for i in ${PROCESSES}
do
  if pgrep "${i}" >/dev/null 2>&1
  then
    # process is running
    echo "${i} is running"
  else
    # process is not running
    echo "${i} is NOT running"
    EXITCODE="1"
  fi
done

# exit returning proper exit code
exit ${EXITCODE}

Configure Drive Manually

First of all thank you for this container.
I had to set up manual port as the container was clashing with samba and effectively crashing.

Your notes mention "configure the drive manually", but I'm a bit lost there.
I'd appreciate it if you could offer some guidance on how to do this.

Thank you

Container is not starting

Hi, I'm trying to set up this great docker image on my local RaspberryPi (LibreElec with Samba and Avahi disabled in settings), and I'm getting an initial setup error, and the container is constantly trying to restart.

2021-02-05T18:25:29.499046000Z standard_init_linux.go:211: exec user process caused "exec format error"
2021-02-05T18:25:30.368344000Z standard_init_linux.go:211: exec user process caused "exec format error"
2021-02-05T18:25:31.181334000Z standard_init_linux.go:211: exec user process caused "exec format error"
2021-02-05T18:25:32.159433000Z standard_init_linux.go:211: exec user process caused "exec format error"
2021-02-05T18:25:37.089292000Z standard_init_linux.go:211: exec user process caused "exec format error"
...

Here's a fragment of my docker-compose file:

version: '2.1'

services:
 ... a lot of another containers configs ...
  tm:
    image: mbentley/timemachine
    container_name: tm
    network_mode: host
    environment:
      - MIMIC_MODEL=TimeCapsule8,119
      - SHARE_NAME=RPi
      - VOLUME_SIZE_LIMIT=300 G
    volumes:
      - /var/media/media/tm:/opt/timemachine
      - ./tm/var-lib-samba:/var/lib/samba
      - ./tm/var-cache-samba:/var/cache/samba
      - ./tm/run-samba:/run/samba
    restart: unless-stopped

Permission issues

First, thanks for the project and to keep it open.

I cloned your repo locally, then I modified the timemachine variables (just the pwd and share_name) and ran docker-compose, and the remote server is shown on my Macs, but when I select the server, I get this message:

"You do not have the necessary read, write and append privileges on the selected network backup disk."

I double-checked permissions (/timemachine folder is owned by 1000 user and group) but I didn't find logs to report it better. The server is an Ubuntu 19.04 with your docker and nothing else, and the client is a Mac with 10.6.8.

Any clue about what is happening?

Thanks for your time,
m.

Make SMB port configurable

It would be great if you could make the SMB port configurable via an environment variable. This would alleviate the need to use the macvlan driver if another Samba instance was already running on the host. Time Machine is fine with alternate SMB ports if they are advertised via Avahi.

Readme: Filesystem recommendation

The readme doesn't say anything about the recommended filesystem for the "Path to backup to".
Does it matter at all? Most users may use an external drive for the TM path.

How to add additional shares , and access it with same user "timemachine"

I added a new share path "mnt",
and I want to access it with user "timemachine",
but it seems I can only access it with user "mnt".

  • /etc/samba/smb.conf
[mnt]
   fruit:aapl = yes
   fruit:time machine = yes
   fruit:time machine max size = 1 T
   fruit:nfs_aces = yes
   path = /opt/mnt
   inherit permissions = no
   valid users = mnt timemachine  *******
   browseable = yes
   writable = yes
   vfs objects = acl_xattr fruit streams_xattr

[timemachine]
   fruit:aapl = yes
   fruit:time machine = yes
   fruit:time machine max size = 300 G
   fruit:nfs_aces = yes
   path = /opt/timemachine
   inherit permissions = no
   valid users = timemachine
   browseable = yes
   writable = yes
   vfs objects = acl_xattr fruit streams_xattr

Cannot connect TimeMachine

I have a working container with samba service for local network storage. I use dperson/samba image with a basic configuration:

docker run -it --name samba -p 139:139 -p 445:445 \
  -v /srv/storage/shares/nas:/mount \
  -d -dit --restart unless-stopped dperson/samba -p \
  -u "user;password" \
  -s "public;/mount;yes;no;no;root" \

To configure Time Machine I used the default configuration as shown in the README, creating a macvlan:

docker network create -d macvlan --subnet=192.168.100.0/24 --gateway=192.168.100.1 -o parent=br0 macvlan1
docker run -d --restart=always \
  --network macvlan1 \
  --ip 192.168.100.230 \
  --name timemachine \
  --hostname timemachine \
  -p 137:137/udp \
  -p 138:138/udp \
  -p 139:139 \
  -p 445:445 \
  -e CUSTOM_SMB_CONF="false" \
  -e CUSTOM_USER="false" \
  -e DEBUG_LEVEL="1" \
  -e HIDE_SHARES="no" \
  -e EXTERNAL_CONF="" \
  -e MIMIC_MODEL="TimeCapsule8,119" \
  -e TM_USERNAME="timemachine" \
  -e TM_GROUPNAME="timemachine" \
  -e TM_UID="1000" \
  -e TM_GID="1000" \
  -e PASSWORD="timemachine" \
  -e SET_PERMISSIONS="false" \
  -e SHARE_NAME="TimeMachine" \
  -e SMB_PORT="445" \
  -e VOLUME_SIZE_LIMIT="0" \
  -e WORKGROUP="WORKGROUP" \
  -v /srv/storage/shares/timemachine:/opt/timemachine \
  -v /srv/storage/samba/timemachine-var-lib-samba:/var/lib/samba \
  -v /srv/storage/samba/timemachine-var-cache-samba:/var/cache/samba \
  -v /srv/storage/samba/timemachine-run-samba:/run/samba \
  mbentley/timemachine:smb

The container starts up without problems:

...
Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
New relevant interface lo.IPv4 for mDNS.
Network interface enumeration completed.
Registering new address record for 192.168.100.230 on eth0.IPv4.
Registering new address record for 127.0.0.1 on lo.IPv4.
Server startup complete. Host name is timemachine.local. Local service cookie is 3895032456.
Service "timemachine" (/etc/avahi/services/smbd.service) successfully established.

But in the end I can't connect to the service with the Apple Time Machine utility; I only see the samba service in the first container described above.

CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS                    PORTS                                                                    NAMES
c95a28845f32        mbentley/timemachine   "/entrypoint.sh s6-s…"   5 minutes ago       Up 5 minutes                                                                                       timemachine
7c1222ceaf0d        dperson/samba          "/sbin/tini -- /usr/…"   36 minutes ago      Up 36 minutes (healthy)   0.0.0.0:139->139/tcp, 137-138/udp, 0.0.0.0:445->445/tcp                  samba

Suggestion for README

I am now successfully running the container on a Synology NAS system which already has native Samba and avahi services running.

Being a newbie with docker and using the examples in README.md I struggled quite a bit because of issues with the timemachine avahi overriding the NAS advertisements when using host networking or bridge mode (warnings are in the container log).

I would suggest to include a small section for users who want to use the image on a NAS by hinting them to maybe setup a macvlan network instead of host/bridge networking. This way they can keep their NAS setup and do get (in case of Synology) a way more stable TimeMachine.

Issue with using default password

It appears the new support for using a password file is causing the entrypoint.sh to exit when it checks for several environment variables.

Starting the image with no environment variables set (taking all defaults), I now get this output:

timemachine | INFO: CUSTOM_SMB_CONF=false; generating [global] section of /etc/samba/smb.conf...
timemachine | ERROR: Missing one or more of the following variables; unable to create user
timemachine | Hint: Is the variable missing or not set in ?
timemachine | TM_USERNAME=timemachine
timemachine | TM_GROUPNAME=timemachine
timemachine | PASSWORD=
timemachine | SHARE_NAME=TimeMachine
timemachine | TM_UID=1000
timemachine | TM_GID=1000
timemachine exited with code 1

Looking into the entrypoint.sh, the new set_password function gets called after create_user(), so when create_user() checks to see if PASSWORD is set, it fails (because set_password has not been called yet). I verified this by setting PASSWORD in my environment variables in my docker compose file.
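
The ordering problem described in this report, as an added shell sketch that is not the project's entrypoint.sh. Only the names set_password, create_user and the listed variables come from the report; PASSWORD_FILE, DEFAULT_PASSWORD and both function bodies are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not the project's entrypoint.sh.
# Names from the report: set_password, create_user, PASSWORD, TM_* variables.
# Assumed names: PASSWORD_FILE, DEFAULT_PASSWORD, and both function bodies.

DEFAULT_PASSWORD="timemachine"   # assumed default value

# Defaults as printed in the report's log output.
: "${TM_USERNAME:=timemachine}" "${TM_GROUPNAME:=timemachine}"
: "${SHARE_NAME:=TimeMachine}" "${TM_UID:=1000}" "${TM_GID:=1000}"

# Resolve PASSWORD: an explicit value wins, then a secret file, then the default.
set_password() {
  if [ -n "${PASSWORD:-}" ]; then
    return 0
  fi
  if [ -n "${PASSWORD_FILE:-}" ]; then
    if [ ! -f "${PASSWORD_FILE}" ] || [ ! -r "${PASSWORD_FILE}" ]; then
      echo "ERROR: PASSWORD_FILE is set but is not a readable file" >&2
      return 1
    fi
    # First line only, so a trailing newline never becomes part of the secret.
    IFS= read -r PASSWORD < "${PASSWORD_FILE}" || true
    if [ -z "${PASSWORD}" ]; then
      echo "ERROR: PASSWORD_FILE is empty" >&2
      return 1
    fi
    return 0
  fi
  # A default password is a known credential; make the fallback visible.
  echo "WARN: no password supplied; falling back to the default" >&2
  PASSWORD="${DEFAULT_PASSWORD}"
}

# Validate what user creation needs. Only variable names are reported, so the
# secret itself never lands in the container log. User creation is simulated.
create_user() {
  missing=""
  for name in TM_USERNAME TM_GROUPNAME PASSWORD SHARE_NAME TM_UID TM_GID; do
    eval "value=\${${name}:-}"
    [ -n "${value}" ] || missing="${missing}${missing:+ }${name}"
  done
  if [ -n "${missing}" ]; then
    echo "ERROR: missing variables: ${missing}" >&2
    return 1
  fi
  echo "INFO: would create user ${TM_USERNAME} (${TM_UID}:${TM_GID})"
}

# Order described in the report: validation runs before the password is resolved.
entrypoint_reported_order() { create_user && set_password; }

# Corrected order: resolve the password first, then validate.
entrypoint_fixed_order() { set_password && create_user; }

# Demo with every variable left at its default, as in the report.
for order in entrypoint_reported_order entrypoint_fixed_order; do
  if ( unset PASSWORD PASSWORD_FILE; "${order}" ) >/dev/null 2>&1; then
    echo "${order}: ok"
  else
    echo "${order}: exits 1"
  fi
done
```
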

Can't backup to mounted SMB/CIFS share

Describe the bug
I've mounted a CIFS share on the host with UID and GUID 1000. I've confirmed R/W access from both the host and the container; however, when I attempt to run a TM backup from my Mac, it fails with this error:
The backup disk image could not be created.

To Reproduce
Steps to reproduce the behavior:

  1. Mount CIFS share on host as described.
  2. Map to container as volume.
  3. Attempt to run backup.
  4. See error.

Expected behavior
I'd expect the backup to run successfully.

How you're launching your container

version: '3.3'
services:
    timemachine:
        image: 'mbentley/timemachine:smb'
        restart: unless-stopped
        container_name: timemachine
        network_mode: host
        environment:
            - CUSTOM_SMB_CONF=false
            - CUSTOM_USER=false
            - DEBUG_LEVEL=1
            - 'MIMIC_MODEL=TimeCapsule8,119'
            - EXTERNAL_CONF=
            - HIDE_SHARES=no
            - TM_USERNAME=timemachine
            - TM_GROUPNAME=timemachine
            - TM_UID=1000
            - TM_GID=1000
            - PASSWORD=/redacted/
            - SET_PERMISSIONS=false
            - SMB_INHERIT_PERMISSIONS=true
            - SHARE_NAME=TimeMachine
            - SMB_PORT=445
            - VOLUME_SIZE_LIMIT='1 T'
            - WORKGROUP=WORKGROUP
        volumes:
            - '/mnt/timemachine:/opt/timemachine'
            - 'timemachine-var-lib-samba:/var/lib/samba'
            - 'timemachine-var-cache-samba:/var/cache/samba'
            - 'timemachine-run-samba:/run/samba'

volumes:
    timemachine-var-lib-samba:
    timemachine-var-cache-samba:
    timemachine-run-samba:

Container Logs

The errors can be seen on the last two lines.

timemachine    | INFO: CUSTOM_SMB_CONF=false; generating [global] section of /etc/samba/smb.conf...
timemachine    | INFO: Creating /var/log/samba/cores
timemachine    | INFO: Avahi - generating base configuration in /etc/avahi/services/smbd.service...
timemachine    | INFO: Avahi - adding the 'dk0', 'TimeMachine' share txt-record to /etc/avahi/services/smbd.service...
timemachine    | INFO: Group timemachine doesn't exist; creating...
timemachine    | INFO: User timemachine doesn't exist; creating...
timemachine    | INFO: Setting password from environment variable
timemachine    | chpasswd: password for 'timemachine' changed
timemachine    | INFO: INFO: CUSTOM_SMB_CONF=false; generating [TimeMachine] section of /etc/samba/smb.conf...
timemachine    | INFO: Samba - Created User timemachine password set to none.
timemachine    | INFO: Samba - Enabled user timemachine.
timemachine    | INFO: Samba - setting password
timemachine    | INFO: SET_PERMISSIONS=false; not setting ownership and permissions for /opt/timemachine
timemachine    | INFO: Avahi - completing the configuration in /etc/avahi/services/smbd.service...
timemachine    | INFO: entrypoint complete; executing 's6-svscan /etc/s6'
timemachine    | dbus socket not yet available; sleeping...
timemachine    | nmbd version 4.12.9 started.
timemachine    | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine    | daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
timemachine    | smbd version 4.12.9 started.
timemachine    | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine    | INFO: Profiling support unavailable in this build.
timemachine    | daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
timemachine    | Failed to fetch record!
timemachine    | Found user 'avahi' (UID 86) and group 'avahi' (GID 86).
timemachine    | Successfully dropped root privileges.
timemachine    | avahi-daemon 0.8 starting up.
timemachine    | WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
timemachine    | Loading service file /etc/avahi/services/smbd.service.
timemachine    | Joining mDNS multicast group on interface docker0.IPv4 with address 172.17.0.1.
timemachine    | New relevant interface docker0.IPv4 for mDNS.
timemachine    | Joining mDNS multicast group on interface br-76137d576db5.IPv4 with address 172.21.0.1.
timemachine    | New relevant interface br-76137d576db5.IPv4 for mDNS.
timemachine    | Joining mDNS multicast group on interface ens160.IPv6 with address fe80::250:56ff:fe9a:1bf6.
timemachine    | New relevant interface ens160.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface ens160.IPv4 with address 10.52.0.35.
timemachine    | New relevant interface ens160.IPv4 for mDNS.
timemachine    | Joining mDNS multicast group on interface lo.IPv6 with address ::1.
timemachine    | New relevant interface lo.IPv6 for mDNS.
timemachine    | Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
timemachine    | New relevant interface lo.IPv4 for mDNS.
timemachine    | Network interface enumeration completed.
timemachine    | Registering new address record for 172.17.0.1 on docker0.IPv4.
timemachine    | Registering new address record for 172.21.0.1 on br-76137d576db5.IPv4.
timemachine    | Registering new address record for fe80::250:56ff:fe9a:1bf6 on ens160.*.
timemachine    | Registering new address record for 10.52.0.35 on ens160.IPv4.
timemachine    | Registering new address record for ::1 on lo.*.
timemachine    | Registering new address record for 127.0.0.1 on lo.IPv4.
timemachine    | Server startup complete. Host name is Docker02.local. Local service cookie is 3782400960.
timemachine    | Service "Docker02" (/etc/avahi/services/smbd.service) successfully established.
timemachine    | *****
timemachine    |
timemachine    | Samba name server DOCKER02 is now a local master browser for workgroup WORKGROUP on subnet 172.21.0.1
timemachine    |
timemachine    | *****
timemachine    | *****
timemachine    |
timemachine    | Samba name server DOCKER02 is now a local master browser for workgroup WORKGROUP on subnet 10.52.0.35
timemachine    |
timemachine    | *****
timemachine    | *****
timemachine    |
timemachine    | Samba name server DOCKER02 is now a local master browser for workgroup WORKGROUP on subnet 172.17.0.1
timemachine    |
timemachine    | *****
timemachine    | fruit_pread_meta_stream: Removing [B8600E50-E9F6-53BA-918A-754816B77916.sparsebundle:AFP_AfpInfo] after short read [0]
timemachine    | fruit_pwrite_meta_stream: On-demand create [B8600E50-E9F6-53BA-918A-754816B77916.sparsebundle:AFP_AfpInfo] in write failed: Invalid argument

Additional context

$ docker exec -it timemachine /bin/sh
/ # cd /opt/timemachine/
/opt/timemachine # ls -lah
total 12K
drwxr-xr-x    2 timemach timemach       0 Mar 27 13:57 .
drwxr-xr-x    1 root     root        4.0K Mar 27 13:51 ..
-rwxr-xr-x    1 timemach timemach    6.0K Mar 27 12:37 .DS_Store
/opt/timemachine # touch testFile
/opt/timemachine # ls -lah
total 12K
drwxr-xr-x    2 timemach timemach       0 Mar 27 13:58 .
drwxr-xr-x    1 root     root        4.0K Mar 27 13:51 ..
-rwxr-xr-x    1 timemach timemach    6.0K Mar 27 12:37 .DS_Store
-rwxr-xr-x    1 timemach timemach       0 Mar 27 13:58 testFile
/opt/timemachine # rm testFile
/opt/timemachine # ls -lah
total 12K
drwxr-xr-x    2 timemach timemach       0 Mar 27 13:58 .
drwxr-xr-x    1 root     root        4.0K Mar 27 13:51 ..
-rwxr-xr-x    1 timemach timemach    6.0K Mar 27 12:37 .DS_Store

Cannot bring up the container

Hello,

Thank you for maintaining this project. It is very nice to host a time machine as simple as deploying a container.

Unfortunately I cannot get it working and I'm not sure what I am doing wrong because the logs aren't so clear.
I can see the server from the Mac but the connection times out when I'm trying to connect to it. I've opened the ports 137/udp, 138/udp, 139/tcp, 445/tcp on the server.

This is the docker-compose I'm using:

version: '3.4'

services:
  timemachine:
    image: mbentley/timemachine:smb
    container_name: timemachine
    network_mode: "host"
#     ports:
#      - 137:137/udp
#      - 138:138/udp
#      - 139:139
#      - 445:445
    environment:
      - CUSTOM_SMB_CONF=false
      - CUSTOM_USER=false
      - DEBUG_LEVEL=1
      - MIMIC_MODEL=TimeCapsule8,119
      - EXTERNAL_CONF=
      - HIDE_SHARES=no
      - TM_USERNAME=timemachine
      - TM_GROUPNAME=timemachine
      - TM_UID=1000
      - TM_GID=1000
      - PASSWORD=timemachine
      - SET_PERMISSIONS=false
      - SHARE_NAME=TimeMachine
      - SMB_PORT=445
      - VOLUME_SIZE_LIMIT=0
      - WORKGROUP=WORKGROUP
    volumes:
      - ./data:/opt/timemachine
      - timemachine-var-lib-samba:/var/lib/samba
      - timemachine-var-cache-samba:/var/cache/samba
      - timemachine-run-samba:/run/samba
volumes:
  timemachine-var-lib-samba:
  timemachine-var-cache-samba:
  timemachine-run-samba:

Those are the logs:

Attaching to timemachine
 INFO: CUSTOM_SMB_CONF=false; generating [global] section of /etc/samba/smb.conf...
 INFO: Avahi - generating base configuration in /etc/avahi/services/smbd.service...
 INFO: Avahi - adding the 'dk0', 'TimeMachine' share txt-record to /etc/avahi/services/smbd.service...
 INFO: Group timemachine exists; skipping creation
 INFO: User timemachine exists; skipping creation
 INFO: CUSTOM_SMB_CONF=false; generating [TimeMachine] section of /etc/samba/smb.conf...
 INFO: Samba - Created User timemachine password set to none.
 INFO: Samba - Enabled user timemachine.
 INFO: Samba - setting password
 INFO: SET_PERMISSIONS=false; not setting ownership and permissions for /opt/timemachine
 INFO: Avahi - completing the configuration in /etc/avahi/services/smbd.service...
 INFO: dbus PID exists; removing...
 removed '/run/dbus.pid'
 INFO: avahi PID exists; removing...
 removed '/run/avahi-daemon/pid'
 INFO: entrypoint complete; executing 's6-svscan /etc/s6'
 Found user 'avahi' (UID 86) and group 'avahi' (GID 86).
 Successfully dropped root privileges.
 avahi-daemon 0.8 starting up.
 WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
 Loading service file /etc/avahi/services/smbd.service.
 *** WARNING: Detected another IPv4 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended. ***
 Joining mDNS multicast group on interface docker0.IPv6 with address fe80::42:8dff:fea1:988d.
 New relevant interface docker0.IPv6 for mDNS.
 Joining mDNS multicast group on interface docker0.IPv4 with address 172.17.0.1.
 New relevant interface docker0.IPv4 for mDNS.
 Joining mDNS multicast group on interface enp2s0.IPv6 with address fe80::5886:8bb8:e2d:5d7.
 New relevant interface enp2s0.IPv6 for mDNS.
 Joining mDNS multicast group on interface enp2s0.IPv4 with address 192.168.1.101.
 New relevant interface enp2s0.IPv4 for mDNS.
 Joining mDNS multicast group on interface lo.IPv6 with address ::1.
 New relevant interface lo.IPv6 for mDNS.
 Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
 New relevant interface lo.IPv4 for mDNS.
 Network interface enumeration completed.
 Registering new address record for fe80::42:8dff:fea1:988d on docker0.*.
 Registering new address record for 172.17.0.1 on docker0.IPv4.
 Registering new address record for fe80::5886:8bb8:e2d:5d7 on enp2s0.*.
 Registering new address record for 192.168.1.101 on enp2s0.IPv4.
 Registering new address record for ::1 on lo.*.
 Registering new address record for 127.0.0.1 on lo.IPv4.
 nmbd version 4.12.2 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2020
 daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
 EOF on stdin
 Got SIGTERM: going down...
 smbd version 4.12.2 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2020
 INFO: Profiling support unavailable in this build.
 daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
 Failed to fetch record!
 Server startup complete. Host name is big.local. Local service cookie is 3547224719.
 nmbd version 4.12.2 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2020
 daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
 EOF on stdin
 Got SIGTERM: going down...
 smbd version 4.12.2 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2020
 INFO: Profiling support unavailable in this build.
 daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
 Failed to fetch record!
 Service "big" (/etc/avahi/services/smbd.service) successfully established.
 nmbd version 4.12.2 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2020
 daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
 EOF on stdin
 Got SIGTERM: going down...
# It's looping over and over

Have a nice day.

Multiple volumes support

Is there a way to share multiple volumes?

Looks like running multiple containers on --host mode won't work so the trivial option could be using a network bridge. At this point multi-volume support seems to be less overhead.

Explanation of multi-user GID / UID

Please excuse my ignorance. When creating a multi-user config, should the users created match system (non-docker) users? Would I just fetch their UID and place it in the config, and add the user to the docker group so that they can have the correct permissions? Or should I use the user's GID – and ensure that the user is part of the docker group?

For example, if I have my 'timemachine' user who I set to 1000:1000 (which maps to my docker user) should I create additional non-login users on my host, add them to the docker group, and then specify their GID / UID's in the multi-user config?

Thank you in advance.

Problem with TimeMachine share password

Hi,

I've got the AFP container up and running (I need to use the AFP version as I have an older Mac on El Capitan that didn't seem to see the SMB container). My Mac sees the AFP share in the Time Machine settings but when I try to select the disk I am prompted for a username and password. When I enter the default username and password ('timemachine' in lowercase), my system won't log in to the share.

After running docker logs timemachine on my host (Ubuntu 18.04 server) I can see there is some kind of problem creating the accounts and changing the password:

INFO: Group doesn't exist; creating...
groupadd: GID '100' already exists
INFO: User doesn't exist; creating...
useradd: group 'timemachine' does not exist
INFO: Using default password: timemachine
chpasswd: (user timemachine) pam_chauthtok() failed, error:
Authentication token manipulation error
chpasswd: (line 1, user timemachine) password not changed
INFO: INFO: CUSTOM_AFP_CONF=false; generating /etc/netatalk/afp.conf...
INFO: SET_PERMISSIONS=false; not setting ownership and permissions for /opt/timemachine
INFO: dbus PID exists; removing...
removed '/var/run/dbus/pid'
INFO: entrypoint complete; executing '/usr/bin/supervisord -c /etc/supervisord.conf'
2020-07-02 10:28:50,305 CRIT Set uid to user 0
2020-07-02 10:28:50,329 INFO supervisord started with pid 1
2020-07-02 10:28:50,723 INFO spawned: 'dbus' with pid 16
2020-07-02 10:28:50,724 INFO spawned: 'avahi-daemon' with pid 17
2020-07-02 10:28:50,726 INFO spawned: 'netatalk' with pid 18
2020-07-02 10:28:51,022 INFO exited: avahi-daemon (exit status 255; not expected)
2020-07-02 10:28:52,051 INFO success: dbus entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-07-02 10:28:52,052 INFO spawned: 'avahi-daemon' with pid 22
2020-07-02 10:28:52,052 INFO success: netatalk entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-07-02 10:28:53,061 INFO success: avahi-daemon entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

I am creating my container using the following parameters:

docker network create -d macvlan --subnet=192.168.111.0/24 --gateway=192.168.111.1 -o parent=enp0s25 macvlan1

docker create \
  --restart unless-stopped \
  --name timemachine \
  --network macvlan1 \
  --ip 192.168.111.74 \
  -e HIDE_SHARES="yes" \
  -e LOG_LEVEL="info" \
  -e MIMIC_MODEL="TimeCapsule6,106" \
  -e TM_USERNAME="timemachine" \
  -e TM_GROUPNAME="timemachine" \
  -e TM_UID="1000" \
  -e TM_GID="100" \
  -e PASSWORD="timemachine" \
  -e SET_PERMISSIONS="false" \
  -e SHARE_NAME="TimeMachine" \
  -e SMB_PORT="445" \
  -e VOLUME_SIZE_LIMIT="0" \
  -v /home/myuser/docker/timemachine/backup:/opt/timemachine \
  -v /home/myuser/docker/timemachine/config/lib-samba:/var/lib/samba \
  -v /home/myuser/docker/timemachine/config/cache-samba:/var/cache/samba \
  -v /home/myuser/docker/timemachine/config/run-samba:/run/samba \
  mbentley/timemachine:afp

docker start timemachine

Any ideas why the default password isn't working? I've tried recreating the container without the PASSWORD, TM_USERNAME & TM_GROUPNAME parameters but I still cannot log in.
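The log in this report shows groupadd refusing GID '100', then useradd and chpasswd failing in turn while the entrypoint carries on. A preflight check for that collision, as an added example that is not the image's entrypoint code; `gid_owner`, `group_gid`, `plan_group` and the sample group file are constructed for illustration, and it assumes GID 100 is already held by another group, as the groupadd line reports:

```shell
#!/bin/sh
# Added example (hypothetical helper names): decide whether a group can be
# created with the requested GID before running groupadd/useradd/chpasswd.

# Print the name of the group that owns GID $1 in group file $2 (empty if none).
gid_owner() {
  awk -F: -v gid="$1" '$3 == gid { print $1; exit }' "$2"
}

# Print the GID of the group named $1 in group file $2 (empty if none).
group_gid() {
  awk -F: -v name="$1" '$1 == name { print $3; exit }' "$2"
}

# usage: plan_group NAME GID [GROUP_FILE]
# Prints create | exists | conflict:<detail>; returns non-zero on a conflict
# so a calling script can stop instead of starting the service without
# the account it was asked to set up.
plan_group() {
  name=$1 gid=$2 file=${3:-/etc/group}
  case "$gid" in
    ''|*[!0-9]*) echo "conflict:gid-not-numeric"; return 2 ;;
  esac
  owner=$(gid_owner "$gid" "$file")
  current=$(group_gid "$name" "$file")
  if [ -n "$current" ] && [ "$current" = "$gid" ]; then
    echo "exists"
  elif [ -n "$current" ]; then
    echo "conflict:group-$name-has-gid-$current"; return 1
  elif [ -n "$owner" ]; then
    echo "conflict:gid-$gid-owned-by-$owner"; return 1
  else
    echo "create"
  fi
}

# Constructed sample group file in which GID 100 is already taken.
sample_group_file() {
  cat <<'EOF'
root:x:0:
users:x:100:
nogroup:x:65534:
EOF
}
```

Calling `plan_group "$TM_GROUPNAME" "$TM_GID"` with no third argument checks the running system's /etc/group.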

Switch to Samba TimeMachine

AFP is going to be deprecated in due time in favor of SMB. Newer versions of TimeMachine/TimeCapsule support SMB, which results in faster backups.

@odarriba has a branch that implements SMB already, so that can be used as a reference. The avahi discovery baked into this image is awesome (have to use host network mode, or a different docker network driver for that to work though, but that aside), so it'd be great to have SMB as a feature.

Link to odarriba's branch:
https://github.com/odarriba/docker-timemachine/tree/smb

Deprecate AFP in favor of the SMB variant

The AFP variant of this image is no longer getting new features added. All new development is going into the SMB version.

  1. Apple has already stated that AFP is no longer the default protocol as of the Mavericks release. SMB is now the default.

    SMB2
    SMB2 is the new default protocol for sharing files in OS X Mavericks. SMB2 is superfast,
    increases security, and improves Windows compatibility

  2. In my own usage, SMB is much more stable than AFP for use with Time Machine as I regularly had to re-create my Time Machine backup from scratch with AFP but have never had to do so with SMB.

  3. SMB support has been available from me since December 31, 2019 - 6444f17.

rando hostname w/macvlan

Matt, stellar work here. I've tried several of these through the years; yours was the first to run flawlessly and make me move to smb (inertia....)

To avoid contention with other docker stuff, I created a new macvlan network per your instructions. Worked perfectly. Made docker-compose point to that network, and listed that network by its name as external. All works -- can connect in Finder with the username / password.

Problem is this: the hostname is now showing up on my network as the random Hexadecimal string Docker named my network: 8c16659497d3. Shows up as a server with that unfriendly name in Mac / Networking. Looked all over for a way to change it, as it seems I need to tell avahi not to list it as that.

Logs from docker-compose:

Attaching to timemachine
timemachine | INFO: CUSTOM_SMB_CONF=false; generating [global] section of /etc/samba/smb.conf...
timemachine | Creating /var/log/samba/cores
timemachine | INFO: Avahi - generating base configuration in /etc/avahi/services/smbd.service...
timemachine | INFO: Avahi - adding the 'dk0', 'Veronica TM Server' share txt-record to /etc/avahi/services/smbd.service...
timemachine | INFO: Group timemachine doesn't exist; creating...
timemachine | INFO: User timemachine doesn't exist; creating...
timemachine | INFO: Setting password from environment variable
timemachine | chpasswd: password for 'timemachine' changed
timemachine | INFO: INFO: CUSTOM_SMB_CONF=false; generating [Veronica TM Server] section of /etc/samba/smb.conf...
timemachine | INFO: Samba - Created User timemachine password set to none.
timemachine | INFO: Samba - Enabled user timemachine.
timemachine | INFO: Samba - setting password
timemachine | INFO: SET_PERMISSIONS=false; not setting ownership and permissions for /opt/timemachine
timemachine | INFO: Avahi - completing the configuration in /etc/avahi/services/smbd.service...
timemachine | INFO: entrypoint complete; executing 's6-svscan /etc/s6'
timemachine | dbus socket not yet available; sleeping...
timemachine | nmbd version 4.12.7 started.
timemachine | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine | daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
timemachine | smbd version 4.12.7 started.
timemachine | Copyright Andrew Tridgell and the Samba Team 1992-2020
timemachine | INFO: Profiling support unavailable in this build.
timemachine | daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
timemachine | Failed to fetch record!
timemachine | Found user 'avahi' (UID 86) and group 'avahi' (GID 86).
timemachine | Successfully dropped root privileges.
timemachine | avahi-daemon 0.8 starting up.
timemachine | WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
timemachine | Loading service file /etc/avahi/services/smbd.service.
timemachine | Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.16.
timemachine | New relevant interface eth0.IPv4 for mDNS.
timemachine | Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1.
timemachine | New relevant interface lo.IPv4 for mDNS.
timemachine | Network interface enumeration completed.
timemachine | Registering new address record for 192.168.1.16 on eth0.IPv4.
timemachine | Registering new address record for 127.0.0.1 on lo.IPv4.
timemachine | Server startup complete. Host name is 8c16659497d3.local. Local service cookie is 2675415000.
timemachine | Service "8c16659497d3" (/etc/avahi/services/smbd.service) successfully established.

docker-compose.yml portion below:

  timemachine:
     container_name: timemachine
     networks: 
           - vero_macvlan
     environment:
       - IP=192.168.1.19                         # Matt - this doesn't work here; Docker Network (external) picks the IP
       - CUSTOM_SMB_CONF=false
       - CUSTOM_USER=false
       - LOG_LEVEL=info
       - EXTERNAL_CONF=
       - HIDE_SHARES=no
       - MIMIC_MODEL=TimeCapsule8,119
       - TM_USER=timemachine
       - TM_GROUPNAME=timemachine
       - TM_UID=1100
       - TM_GID=1100
       - PASSWORD=blahblahblah
       - SET_PERMISSIONS=false
       - SHARE_NAME=Veronica TM Server
       - SMB_PORT=445
       - VOLUME_SIZE_LIMIT=0
       - WORKGROUP=WORKGROUP
     restart: unless-stopped
     ports:
          - "137:137/udp"
          - "138:138/udp"
          - "139:139"
     volumes:
          - /tank1/timemachine:/opt/timemachine                  # previously existing backup area
          - /tank1/configs/tm_mb/timemachine-var-lib-samba:/var/lib/samba                 # note: I make configs available
          - /tank1/configs/tm_mb/timemachine-var-cache-samba:/var/cache/samba    #  to docker containers via a 
          - /tank1/configs/tm_mb/timemachine-run-samba:/run/samba                          # per-container directory on a zfs share
     ulimits:
          nofile:
               soft: 65536
               hard: 65536
     image: mbentley/timemachine:smb

Any tips on how to force Avahi / Docker to give the 'host' a proper host name? Thanks!

SMB Image does not fully advertise as TimeMachine target

I successfully run the SMB image with the following cmd:

sudo docker run -d --restart=always \
  --name timemachine \
  --network=timemachine \
  --hostname "TimeCapsule" \
  -e CUSTOM_SMB_CONF="false" \
  -e CUSTOM_USER="false" \
  -e DEBUG_LEVEL="1" \
  -e MIMIC_MODEL="TimeCapsule8,119" \
  -e EXTERNAL_CONF="" \
  -e HIDE_SHARES="no" \
  -e TM_USERNAME="timemachine" \
  -e TM_GROUPNAME="timemachine" \
  -e TM_UID="1000" \
  -e TM_GID="1000" \
  -e PASSWORD="timemachine" \
  -e SET_PERMISSIONS="false" \
  -e SHARE_NAME="TimeMachine" \
  -e VOLUME_SIZE_LIMIT="4 T" \
  -e WORKGROUP="WORKGROUP" \
  -v timemachine-backup-data:/opt/timemachine \
  -v timemachine-var-log:/var/log \
  -v timemachine-var-lib-samba:/var/lib/samba \
  -v timemachine-var-cache-samba:/var/cache/samba \
  -v timemachine-run-samba:/run/samba \
  mbentley/timemachine:smb

However I noticed that the container does not fully advertise as a TimeMachine target via avahi. I modified my setup in such a way that /etc/avahi/services/smbd.service contains the following entries to make it visible in the TimeMachine settings dialog without further login etc:

<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">

<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_smb._tcp</type>
    <port>445</port>
  </service>
  <service>
    <type>_device-info._tcp</type>
    <port>9</port>
    <txt-record>model=TimeCapsule8,119</txt-record>
  </service>
  <service>
    <type>_adisk._tcp</type>
    <port>9</port>
    <txt-record>dk0=adVN=TimeMachine,adVF=0x82</txt-record>
    <txt-record>sys=adVF=0x100</txt-record>
  </service>
</service-group>

I use <port>9</port> in all descriptions as this used to be the original value by Apple instead of <port>0</port>. And I found on searching the net that there might be problems by using port 0.

Furthermore I added the _adisk._tcp description according to this link.

model=TimeCapsule8,119 should contain the MIMIC_MODEL variable and dk0=adVN=TimeMachine,adVF=0x82 should contain SHARE_NAME for adVN.

It would be great if you could modify your image to include the above setup in a next version.
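One way to fill the service file above from MIMIC_MODEL and SHARE_NAME, as an added example that is not the image's entrypoint code; `xml_escape` and `render_avahi_service` are hypothetical names. Values are XML-escaped, and a share name containing a comma is rejected because the dk0 record shown in the post separates its fields with commas:

```shell
#!/bin/sh
# Added example (hypothetical helper names): render the Avahi service file
# from the model and share name instead of hard-coding them.

# Escape characters that are special in XML text so a share name such as
# "Mom & Dad" cannot break or alter the service file.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# usage: render_avahi_service MODEL SHARE_NAME [SMB_PORT]
render_avahi_service() {
  # The dk0 record is "adVN=<name>,adVF=<flags>", so a comma in the share
  # name would be read as the start of another field.
  case "$2" in
    ''|*,*) echo "share name must be non-empty and contain no ','" >&2; return 1 ;;
  esac
  port=${3:-445}
  case "$port" in
    ''|*[!0-9]*) echo "SMB port must be numeric" >&2; return 1 ;;
  esac
  model=$(xml_escape "$1")
  share=$(xml_escape "$2")
  cat <<EOF
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">

<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_smb._tcp</type>
    <port>${port}</port>
  </service>
  <service>
    <type>_device-info._tcp</type>
    <port>9</port>
    <txt-record>model=${model}</txt-record>
  </service>
  <service>
    <type>_adisk._tcp</type>
    <port>9</port>
    <txt-record>dk0=adVN=${share},adVF=0x82</txt-record>
    <txt-record>sys=adVF=0x100</txt-record>
  </service>
</service-group>
EOF
}
```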

Custom User(s)

In case of using a custom afpd.conf it is -in my case- also useful to use custom users and not only the one user timemachine. So I mount /etc/passwd, shadow and group into the container and expected that the service uses the user in it (which works for the custom afpd.conf) but the entrypoint script always tries to install the timemachine user.

Is it possible to add a new flag (maybe custom_users or so) and if it is set ignore the adduser+setpass commands in the entrypoint.sh shell?

Big Sur changes to Time Machine causing permissions error on first backup

Getting a "permission denied" error when trying to create a backup for the first time from Big Sur. Looks like this is a common problem caused by Apple changing something without telling anyone, and seems to be fixed by adding some options to the smb.conf, apparently the most central being adding acl_xattr to vfs objects =. Check out https://developer.apple.com/forums/thread/666293

Adding catia to vfs objects may be a good idea too, I keep seeing it everywhere for Time Machine purposes:

As an inheritance from Windows some characters (such as the colon :) are illegal in SMB, while they are allowed on both macOS and Linux. This means that in order to transfer them over SMB they need to be encoded somehow, and Time Machine uses a private Unicode range for this. This is totally fine, but can (allegedly) look a bit weird if listing the files on the server. So, optionally the catia module can be used to reverse this encoding server side.

But that may come with other strings attached (some say you also have to add fruit:encoding = native when you use it?), and it's irrelevant for this issue, I think.

help deploy 2 containers

Hi folks, I'm trying to deploy 2 containers, mapping each one to an external drive, but I'm getting a lot of trouble with samba killing each other.

I'm trying smb over a raspberry-pi 3b+

I'm always getting paid errors like these: (depending on the deploy order and compose or not, the message varies a little bit)

s 1932735948.
Service "7e765b07e5bc" (/etc/avahi/services/smbd.service) successfully established.
Failed to fetch record!
pcap cache not loaded
===============================================================
INTERNAL ERROR: Signal 11 in pid 43 (4.12.2)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 43): internal error
unable to produce a stack trace on this platform
dumping core in /var/log/samba/cores/smbd
*****

Samba name server 7E765B07E5BC is now a local master browser for workgroup WORKGROUP on subnet 192.168.86.248

*****
