As usual, a little background for perspective. This the second time I have had to do this and to get it working I had to go scouring the Internet a little bit. This involved taking bits and pieces from a few sites then keeping my fingers crossed that it would work in the end.
There are two Macs in my household. I configured this at first so that both would dump their backups into one folder. This worked well but I noticed a few weird stuff from time to time and I remembered also reading were some people suggested keeping them separated because of issues that, I guess, could cause the stuff I was noticing. Because of this an a few other cosmetic factors, I decided to move the service to a different server and assign both computers to separate folders (I used separate LVM volumes so that they will have no effect on each other and I have flexibility to grow)
The newer releases of OS X requires Netatalk 2.2.x+. However, Debian 6.0 (Squeeze) comes with 2.1, which won’t work with Mac OS X 10.8 “Mountain Lion”. If you are still running Debian 6.0 you can get netatalk 2.2 from Debian 7.0 (Wheezy) by doing the following as root.
First add the following line to /etc/apt/sources.list:
deb http://http.debian.net/debian wheezy main contrib non-free
Then run the following commands:
aptitude update aptitude install netatalk avahi-daemon avahi-utils
You can revert the changes to /etc/apt/sources.list now and run “aptitude update” again. Obviously if you were already on Wheezy you won’t have to worry about this.
Setting up Netatalk
Let’s do some configs…
Change your /etc/netatalk/AppleVolumes.default file to export the Time Machine volume.
Look for the following line:
And change it to something like this. Also remove the hash sign:
#:DEFAULT: cnidscheme:dbd options:upriv,usedots
At the end of the file you’ll find a line that reads:
~/ "Home Directory"
Add something like this below it:
/mnt/timemachine "Time Machine" allow:username cnidscheme:dbd volsizelimit:250000 options:usedots,upriv,tm
- /mnt/timemachine is your backup folder.
- “Time Machine” is a random label to identify your Time Machine volume.
The rest of the line contains various parameters to allow the Mac to “play nice” with this server as a Time Machine target. It’s important to add the options:tm at the end of the line so that Netatalk enables various special options for Time Machine. You can also add fancy options to restrict access to users logging in with specified accounts. But I have decided to keep it simple, at least for this round 😉
The next config file is /etc/netatalk/afpd.conf. Comment the last line like this:
# - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
…and add this:
- -tcp -noddp -uamlist uams_dhx.so,uams_dhx2_passwd.so -nosavepassword
I guess you could also just replace it but I like an easy rollback path, just in case.
I am not sure if this command is actually needed for it to work but it didn’t cause it not work 🙂
Restart netatalk for the new configuration to take effect:
sudo service netatalk restart
For an additional layer of security I decided to create a dedicated user account that will only have access to the write to the backup folder. Time Machine will ask for this information on initial setup.
sudo useradd -s /bin/false timemachine sudo passwd timemachine sudo chown -R timemachine:timemachine /mnt/timemachine
This takes care of the server side.
Now configure your OS X installation so it sees unsigned time machine volumes. Open the terminal app and execute the following command:
defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
Older articles refer to creating a /etc/avahi/services/afpd.service file. With netatalk 2.2, this file is redundant: you do not need to create it.