Categories
backuppc backups SAMBA Uncategorized

How to repair Backuppc on Ubuntu 12.04

Arrrgh

After upgrading to the latest 12.04 Рwhich in itself was a difficult affair РI discovered a massive issue. Backuppc was failing! I was receiving this error.

 NT_STATUS_ACCESS_DENIED listing \\* 

So first I checked the configuration, but as I hadn’t changed anything I was completely mystified what was going wrong.

Searching

So I googled the error and I got a whole lot of posts where people had the same issue as me. There is even a problem log in launchpad. (link)

The culprit was a bug in samba, particularily the way it exposed folders in the exclude list.

Cure

The cure is move down to the previous samba. Sounds simple doesn’t it. But if you’re not a Linux guru that task isn’t the simplest. Have faith, because the great guys at tolaris.com have put up this fix.

Simply follow the steps there and restart samba and you are ready to go. The only change I made was to subtitute the hold feature of aptitude instead of the echo cmd they use to prevent samba from being updated in the future.

 sudo aptitude hold samba 

And now my backups are back and running. Now to figure out why the backup server doesn’t always boot clean. sigh.

Categories
backup operators backuppc Domain SAMBA windows 7

Backuppc+Samba and Backup Operators confusion

I have been using the excellent backup server Backuppc and if you need a network backup facility which can backup Windows, Unix and Linux systems give it a look.

It does have one flaw in it however and this may catch you out if you get confused by the Backup Operators group.

On every Windows machine there is a group called Backup Operators which if look at the description says:

Backup Operators can override security restrictions for the sole purpose of backing up or restoring files

So you think to yourself, “Great I can put the backuppc user into that group on the Samba PDC and I’ll be able to backup all the files I want”.

Unfortunately it does not work out that way, for two reasons:

  1. The domain Backup Operators can only be used on domain controllers.
  2. Backuppc uses smbclient to connect and not Windows Backup API.

A look on technet explains the privileges the Backup Operator group has. So putting the backuppc user into the domain Backup Operators group does not give it privileges to backup all the PCs.

And putting the backuppc user into the Backup Operators group will not solve the problem either because of no. 2. Samba’s smbclient will login as a normal user and the OS will use the file system ACLs to determine rights. Those rights to read all files regardless of the ACL permissions applies only when the Windows Backup API is being used.

So you have two choices really.

  • Add  read, traverse, list folder contents for the Backup Operators group to the files and folders you want the backup to read. And place the backuppc user into the Backup Operators group on the PC.
  • Use the administrator account

The first choice is obviously very tedious and error prone and the second choice has some security risks with it. I chose the latter and I suspect most users will too.

I have read something about Zmanada’s Windows Client for Amanda but I’m not sure if it uses the Backup API or not and would solve this problem. It is something for me to look into.

Categories
backuppc backups Linux magic packet wake on lan WOL

Backuppc and waking machines

In our office there are 9 machines, all of which are backed up nightly with Backuppc. However I did often notice that machines did not get backed up, usually because the machine was not turned on. This was becoming a problem and over half of the machines were not being backed up nightly and some had not been done for many weeks. The nagging e-mails that Backuppc sends out were also being ignored as well.

I needed a way to ensure the machines were on, at least when it was their turn to be backed up. Enter the linux program etherwake. Etherwake sends out a magic packed to a specific machine by it MAC address. Typically machines will not wake when they are pinged, only a specific so-called “magic packet” will wake a machine.

Backuppc does not however have anything currently builtin which invokes etherwake before attempting to wake it. It also has a habit of doing a nmblookup before backup as well, which will most likely fail if the machine has been off for some time.

What I did was replace the ping command in backuppc with a bash shell script and disable the nmblookup. Here’s how I did it.

First write a script in bash and place where you like. It will be someplace where the backuppc user will have rights to access to it. I put the script in the backuppc user’s home.



#!/bin/bash

#this script is totally designed for the backuppc ping command
#which is the first thing it does before it starts a backup
#this is a substitute which pings the machine, if it is not
#awake then it wakes it using a magic packet - using the wol.bsh script
#then pings again to make sure

PING=/bin/ping
ARG1=$1
ARG2=$2
WAKEHOST=$3
ETHWAKE=/usr/sbin/etherwake
SLEEPTIME=3m

logger "Backuppc pinging $1 $2 $3"


function fwol {
TO_WAKEUP=$1
sudo $ETHWAKE $1
if [ $? -eq 0 ]
then
WOL_RES="OK"
else
WOL_RES="FAIL"
fi
}

$PING $ARG1 $ARG2 $WAKEHOST >>/dev/null 2>&1

if [ $? -ne 0 ]; then
fwol $WAKEHOST
if [ "$WOL_RES" = "FAIL" ]; then
exit 1
fi
sleep $SLEEPTIME
$PING $ARG1 $ARG2 $WAKEHOST
if [ $? -eq 0 ]
then
logger "success waking $WAKEHOST."
else
logger "unable to wake $WAKEHOST."
exit 1
fi
else
$PING $ARG1 $ARG2 $WAKEHOST
fi

exit 0

I saved this a wolping.bsh. Essentially this first checks if the machine is up by pinging it. If it does respond then it simply drops out and pings again. Otherwise it invokes etherwake, waits for three minutes and then ping again. Note that in the backuppc code it will invoke the ping command twice, the first time as a wakeup and second the check the roundtrip time. Which is why I first send the ping to /dev/null and then ping again, I don’t want the first output read by backuppc.

Now in backuppc in the server config, you will need to do the following:

  • Set PingPath to the path to where you saved the script above
  • Set NmbLookupFindHostCmd on Backup Settings to blank

Removing the NmbLookup will disable this “feature” and prevent backuppc from reporting the machine down before it wakes up.

That’s it for the backuppc configuration. There is one last item which is needed. Remember etherwake only understands MAC addresses, but backuppc is invoking our script with a host name. So how can you make a host name to a MAC address?

Etherwake will search a /etc/ethers file when it is given a host name. So create one, you’ll need to obtain the MAC addresses of all the machines you want to respond and add them into a ethers file as MAC hostname pairs, similar to a hosts file, eg:



00:3B:56:89:1A:22   myhost

And that’s all there is to it. I now even have the backup server woken up by the router when needed. There is no reason to have any more machines on than necessary.

Next post I’ll get into how you set this up on Linux and Windows to respond to these WOL/magic packet requests.