Date: Sat, 7 Sep 2024 08:28:48 +0100
From: David Chisnall <theraven@freebsd.org>
To: Craig Leres <leres@freebsd.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: FreeBSD+samba as a time machine server for OSX/Sonoma?
Message-ID: <8E0CDC45-6521-4973-A349-9B5824C75863@freebsd.org>
In-Reply-To: <c7183af3-4a8b-4f12-848f-09f11e8b0e8f@freebsd.org>
References: <c7183af3-4a8b-4f12-848f-09f11e8b0e8f@freebsd.org>

I believe this was broken by a macOS update around February. I’ve been trying to debug for a while. I’ve opened an Apple issue (FB14500950, for any Apple folks) but it shows up as few people reporting it. I posted on Mastodon and several people reported that Time Machine is broken and recommended Carbon Copy Cloner as an alternative. I would like to see it fixed, but it probably needs some more debugging by Apple folks.

It stopped working for me with no changes on the server and I can reproduce the failures on two different Macs.

Things I have tried:

 - Upgrading Samba from 4.16 to 4.19
 - Upgrading FreeBSD from 13.x to 14.1
 - Setting the SMB timeout sysctls to larger values on macOS.
 - Turning up the SMB debug sysctls on macOS to see if there’s more info
 - Turning up the Samba logging level.
 - Verifying the backups
 - Watching smbinfo on the server.
 - Updating macOS to the latest version
 - Connecting to the server with Finder and checking I can access files on the shares and that they have the right permissions.

Samba doesn’t report any errors (I don’t know if there’s a way to force Samba to report permission-denied things).

It appears that the Mac acquires a load of read-only locks and so does a lot of reads, but for some reason it appears to fail the first write. Even with a verify, it looks like it completes the verification bit but then fails to write to the plist file.

With the increased debugging, I see this in the macOS Console:

default 14:12:26.297714+0100 kernel smb2fs_smb_cmpd_create: smb2fs_smb_ntcreatex failed 13
default 14:12:26.301301+0100 kernel smb2fs_smb_cmpd_create: smb2fs_smb_ntcreatex failed 13
default 14:12:26.310563+0100 kernel smb2fs_smb_cmpd_query: smb2_smb_query_info (single request) failed 45
default 14:12:26.318319+0100 kernel smb2fs_smb_cmpd_query: smb2_smb_query_info (single request) failed 45
default 14:12:26.326850+0100 backupd -[DIStatFS initWithFileDescriptor:error:]: File system is smbfs
default 14:12:26.542645+0100 kernel smbfs_vnop_access: 501 not authorized to access TheRooT : action = 0x80
default 14:12:26.542682+0100 kernel smbfs_vnop_access: TheRooT action = 0x80 denied
default 14:12:26.543622+0100 kernel smbfs_vnop_access: 501 not authorized to access TheRooT : action = 0x80
default 14:12:26.543657+0100 kernel smbfs_vnop_access: TheRooT action = 0x80 denied
default 14:12:26.543690+0100 kernel smbfs_vnop_access: 501 not authorized to access TheRooT : action = 0x80
default 14:12:26.543697+0100 kernel smbfs_vnop_access: TheRooT action = 0x80 denied
default 14:12:26.543725+0100 kernel smbfs_vnop_access: 501 not authorized to access TheRooT : action = 0x80
default 14:12:26.543730+0100 kernel smbfs_vnop_access: TheRooT action = 0x80 denied
default 14:12:26.544085+0100 kernel smbfs_vnop_access: 501 not authorized to access TheRooT : action = 0x80

So it looks as if it is a permission issue. Maybe the macOS SMB client has started using some bit of the protocol that Samba on FreeBSD doesn’t support for ACLs?

David

> On 6 Sep 2024, at 22:48, Craig Leres <leres@freebsd.org> wrote:
>
> Last year you guys helped me get this to work with samba416. I recently tried to upgrade to samba419 and so far I'm unsuccessful. The error is "The backup disk image could not be created" and I'm running 14.1.
>
> I'm using the same port build options with 4.16 and 4.19:
>
>     FAM
>     PYTHON3
>     QUOTAS
>     SYSLOG
>     UTMP
>     GSSAPI_BUILTIN
>     AVAHI
>     FRUIT
>
> Having learned my lesson when I upgraded from 4.13 to 4.16, I removed the old backups from the zfs volume on the server before starting. I've also learned the rule that you need to delete and reattach the share on the mac side when you change the samba config.
>
> Appended is the config that works with 4.16 (but not 4.19)
>
>         Craig
>
> [global]
>     workgroup = XYZ
>     security = user
>     netbios name = red
>     server string = red.example.net
>     hostname lookups = no
>     server role = standalone server
>
>     interfaces = ixl0 lo0
>     bind interfaces only = yes
>
>     load printers = no
>     show add printer wizard = no
>     time server = yes
>     use mmap = yes
>
>     dos charset = 850
>     unix charset = UTF-8
>     mangled names = no
>
>     #log level = 3
>     #log file = /tmp/samba.log
>     vfs objects = catia fruit streams_xattr zfsacl
>
>     fruit:model = MacSamba
>     fruit:resource = file
>     fruit:metadata = netatalk
>     fruit:nfs_aces = yes
>     fruit:copyfile = no
>     fruit:aapl = yes
>     fruit:zero_file_id = yes
>
>     inherit permissions = yes
>
>
> [Time Machine]
>     path = /backups/mini
>     read only = no
>     guest ok = no
>     writeable = yes
>     browseable = yes
>     fruit:resource = file
>     fruit:time machine = yes
>     valid users = backup-mini
>     max disk size 512G
>
>     hosts allow = 10.0.0.19
>
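
An added example, not part of the original message: a small triage script for Console output like the excerpt above, which groups the "failed N" lines by macOS errno name and decodes the smbfs_vnop_access action mask. It assumes the action field is a kauth vnode action mask with the bit values from XNU's sys/kauth.h, under which 0x80 decodes to READ_ATTRIBUTES; the sample lines are copied from the message.

```python
import re
from collections import Counter

# Sample input: four of the Console lines quoted in the message above.
SAMPLE = """\
default 14:12:26.297714+0100 kernel smb2fs_smb_cmpd_create: smb2fs_smb_ntcreatex failed 13
default 14:12:26.310563+0100 kernel smb2fs_smb_cmpd_query: smb2_smb_query_info (single request) failed 45
default 14:12:26.542645+0100 kernel smbfs_vnop_access: 501 not authorized to access TheRooT : action = 0x80
default 14:12:26.542682+0100 kernel smbfs_vnop_access: TheRooT action = 0x80 denied
"""

# macOS errno numbers (they differ on Linux, so the table is explicit).
ERRNO = {13: "EACCES", 45: "ENOTSUP"}

# Assumption: "action" is a kauth vnode action mask (bits per XNU sys/kauth.h).
KAUTH_BITS = {
    1 << 1: "READ_DATA", 1 << 2: "WRITE_DATA", 1 << 3: "EXECUTE",
    1 << 4: "DELETE", 1 << 5: "APPEND_DATA", 1 << 6: "DELETE_CHILD",
    1 << 7: "READ_ATTRIBUTES", 1 << 8: "WRITE_ATTRIBUTES",
    1 << 9: "READ_EXTATTRIBUTES", 1 << 10: "WRITE_EXTATTRIBUTES",
    1 << 11: "READ_SECURITY", 1 << 12: "WRITE_SECURITY",
}

FAILED = re.compile(r"kernel\s+(\w+): .+? failed (\d+)\s*$")
DENIED = re.compile(
    r"smbfs_vnop_access: (\d+) not authorized to access (\S+) : action = (0x[0-9a-fA-F]+)")

def decode_action(mask):
    """Return the names of the bits set in mask; unknown bits are kept as hex."""
    names = [name for bit, name in sorted(KAUTH_BITS.items()) if mask & bit]
    unknown = mask & ~sum(KAUTH_BITS)
    if unknown:
        names.append(hex(unknown))
    return names

def summarize(text):
    """Count failures per (function, errno) and denials per (subject, action)."""
    out = Counter()
    for line in text.splitlines():
        if m := FAILED.search(line):
            code = int(m.group(2))
            out[("failed", m.group(1), ERRNO.get(code, str(code)))] += 1
        elif m := DENIED.search(line):
            # The paired "... denied" line is skipped so each denial counts once.
            actions = "|".join(decode_action(int(m.group(3), 16)))
            out[("denied", f"{m.group(1)} -> {m.group(2)}", actions)] += 1
    return out

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```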