Debian Time Machine Server

As usual, a little background for perspective. This the second time I have had to do this and to get it working I had to go scouring the Internet a little bit. This involved taking bits and pieces from a few sites then keeping my fingers crossed that it would work in the end.

There are two Macs in my household. I configured this at first so that both would dump their backups into one folder. This worked well but I noticed a few weird stuff from time to time and I remembered also reading were some people suggested keeping them separated because of issues that, I guess, could cause the stuff I was noticing. Because of this an a few other cosmetic factors, I decided to move the service to a different server and assign both computers to separate folders (I used separate LVM volumes so that they will have no effect on each other and I have flexibility to grow)

Installing Packages

The newer releases of OS X requires Netatalk 2.2.x+. However, Debian 6.0 (Squeeze) comes with 2.1, which won’t work with Mac OS X 10.8 “Mountain Lion”. If you are still running Debian 6.0 you can get netatalk 2.2 from Debian 7.0 (Wheezy) by doing the following as root.
First add the following line to /etc/apt/sources.list:

deb wheezy main contrib non-free

Then run the following commands:

 aptitude update
 aptitude install netatalk avahi-daemon avahi-utils

You can revert the changes to /etc/apt/sources.list now and run “aptitude update” again. Obviously if you were already on Wheezy you won’t have to worry about this.

Setting up Netatalk
Let’s do some configs…

Change your /etc/netatalk/AppleVolumes.default file to export the Time Machine volume.

Look for the following line:

 #:DEFAULT: options:upriv,usedots 

And change it to something like this.  Also remove the hash sign:

 #:DEFAULT: cnidscheme:dbd options:upriv,usedots 

At the end of the file you’ll find a line that reads:

~/                     "Home Directory"

Add something like this below it:

/mnt/timemachine  "Time Machine"  allow:username cnidscheme:dbd volsizelimit:250000 options:usedots,upriv,tm
  • /mnt/timemachine is your backup folder.
  • “Time Machine” is a random label to identify your Time Machine volume.

The rest of the line contains various parameters to allow the Mac to “play nice” with this server as a Time Machine target. It’s important to add the options:tm at the end of the line so that Netatalk enables various special options for Time Machine. You can also add fancy options to restrict access to users logging in with specified accounts. But I have decided to keep it simple, at least for this round 😉

The next config file is /etc/netatalk/afpd.conf. Comment the last line like this:

# - -tcp -noddp -uamlist, -nosavepassword

…and add this:

- -tcp -noddp -uamlist, -nosavepassword

I guess you could also just replace it but I like an easy rollback path, just in case.

I am not sure if this command is actually needed for it to work but it didn’t cause it not work 🙂

touch /mnt/timemachine/

Restart netatalk for the new configuration to take effect:

sudo service netatalk restart

For an additional layer of security I decided to create a dedicated user account that will only have access to the write to the backup folder. Time Machine will ask for this information on initial setup.

 sudo useradd -s /bin/false timemachine
 sudo passwd timemachine
 sudo chown -R timemachine:timemachine /mnt/timemachine

This takes care of the server side.

Client Setup
Now configure your OS X installation so it sees unsigned time machine volumes. Open the terminal app and execute the following command:

defaults write TMShowUnsupportedNetworkVolumes 1

Older articles refer to creating a /etc/avahi/services/afpd.service file. With netatalk 2.2, this file is redundant: you do not need to create it.


5 thoughts on “Debian Time Machine Server

  1. Thank you – nice quick howto
    Also works on Ubuntu exactly as described above.

    I recommend creating a new directory/share for each Mac you backup so /mnt/timemachine-pro “Time Machine Mac Pro” – /mnt/timemachine-air “Time Machine Air”

    You should also pay consideration to the underlying file system on the target. The way that a sparse bundle works is to create lots and lots of 8MB files – then the overhead of Timemachine adds and removes these 8MB files as the backup lifecycle changes.

    • I am glad this was helpful. I did create separate folders for my machines. I actually had some weird behavior when both were using the same folder/mount-point.

  2. Great howto!
    One little thing that I missed on the first pass, and took me a bit to figure out what was ‘allow:username’ was really allow: e.g allow:timemachine

    “/mnt/timemachine “Time Machine” allow:username cnidscheme:dbd volsizelimit:250000 options:usedots,upriv,tm”

  3. Great howto!

    There are a couple of caveats with it though.

    1: no need to do any client side setup, a vanilla osX works fine without it

    2: AppleVolumes.default:
    #:DEFAULT: cnidscheme:dbd options:upriv,usedots
    /mnt/timemachine “Time Machine” allow:username cnidscheme:dbd volsizelimit:250000 options:usedots,upriv,tm

    the cnidscheme:dbd is default and implied in both places

    3: AppleVolumes.default:
    /mnt/timemachine “Time Machine” allow:username cnidscheme:dbd volsizelimit:250000 options:usedots,upriv,tm

    the allow:username should be allow:timemachine if you want access restricted or omitted if you don’t care about the security. Then any mac user can connect. This will throw an error of OSsetup 2 during time machine setup if you don’t get it right.

    4: AppleVolumes.default:
    ~/ “Home Directory”
    if you don’t have a linux user matching the mac user you will get an error connecting to the debian server if not commenting out the home directory. It can even be a partial match. A osX user of “John Doe” can have a linux user of “john” with full name of “John Doe” and the home share on the mac is automagically connected to the home of the linux user.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s