Categories
backuppc backups SAMBA Uncategorized

How to repair Backuppc on Ubuntu 12.04

Arrrgh

After upgrading to the latest 12.04 Рwhich in itself was a difficult affair РI discovered a massive issue. Backuppc was failing! I was receiving this error.

 NT_STATUS_ACCESS_DENIED listing \\* 

So first I checked the configuration, but as I hadn’t changed anything I was completely mystified what was going wrong.

Searching

So I googled the error and I got a whole lot of posts where people had the same issue as me. There is even a problem log in launchpad. (link)

The culprit was a bug in samba, particularily the way it exposed folders in the exclude list.

Cure

The cure is move down to the previous samba. Sounds simple doesn’t it. But if you’re not a Linux guru that task isn’t the simplest. Have faith, because the great guys at tolaris.com have put up this fix.

Simply follow the steps there and restart samba and you are ready to go. The only change I made was to subtitute the hold feature of aptitude instead of the echo cmd they use to prevent samba from being updated in the future.

 sudo aptitude hold samba 

And now my backups are back and running. Now to figure out why the backup server doesn’t always boot clean. sigh.

Categories
backup operators backuppc Domain SAMBA windows 7

Backuppc+Samba and Backup Operators confusion

I have been using the excellent backup server Backuppc and if you need a network backup facility which can backup Windows, Unix and Linux systems give it a look.

It does have one flaw in it however and this may catch you out if you get confused by the Backup Operators group.

On every Windows machine there is a group called Backup Operators which if look at the description says:

Backup Operators can override security restrictions for the sole purpose of backing up or restoring files

So you think to yourself, “Great I can put the backuppc user into that group on the Samba PDC and I’ll be able to backup all the files I want”.

Unfortunately it does not work out that way, for two reasons:

  1. The domain Backup Operators can only be used on domain controllers.
  2. Backuppc uses smbclient to connect and not Windows Backup API.

A look on technet explains the privileges the Backup Operator group has. So putting the backuppc user into the domain Backup Operators group does not give it privileges to backup all the PCs.

And putting the backuppc user into the Backup Operators group will not solve the problem either because of no. 2. Samba’s smbclient will login as a normal user and the OS will use the file system ACLs to determine rights. Those rights to read all files regardless of the ACL permissions applies only when the Windows Backup API is being used.

So you have two choices really.

  • Add  read, traverse, list folder contents for the Backup Operators group to the files and folders you want the backup to read. And place the backuppc user into the Backup Operators group on the PC.
  • Use the administrator account

The first choice is obviously very tedious and error prone and the second choice has some security risks with it. I chose the latter and I suspect most users will too.

I have read something about Zmanada’s Windows Client for Amanda but I’m not sure if it uses the Backup API or not and would solve this problem. It is something for me to look into.

Categories
CUPS DM document management ldap Linux PDC SAMBA Sharepoint

Long train take me home

Hello all,
I’ve finally decided to continue this blog after several months of letting it rot. I’m currently on the bench as they say in the UK, On the beach as they say in North America. A lot has changed in the office and the future work I hope to do, so lets get on with it shall we?

I’ve figured out the CUPS server and all is running very well. My Windows clients have little issue printing to any of the three printers in our office. I only have one small issue with the Konica Minolta MFP where every once in a while I send it a job and the job doesn’t come out. I check with CUPS and it labels the job as “complete” – eventhough it hasn’t printed. I haven’t done too much debugging into this. I’d like some tips as to why that would happen. I believe with older versions of CUPS this was quite common. There are many people on forums indicating that even rebooting didn’t solve their problems, or only solved them for a short period.

Now that I have sorted out CUPS for myself, I’ll slowly be rolling it out to the remainder of the office. One by one I’ll be switching the printers on the PC’s to use the CUPS server rather than use a direct link. There will always be a fall back so I don’t think there’s much risk. I think for the Konica Minolta I’ll leave the direct link on each PC in case the not-printing problem occurs. I’d hate to have user’s scream at me that this new print server is terrible.

I also made significant progress with Linux. I have setup a new NAS server with 900MB of total storage using a RAID 5 consisting of 4 320GB drives. I’ve manged to get it use a volume manager so in theory I can re-size the partitions I’ve created should I need to. The way I have set it up I have left a lot of unused space so re-sizing currently means just expanding the one partition that has filled up.

I then set about putting LDAP on the server and getting it ready for use as a Samba PDC. This was not easy. I searched around and there are few places which give tutorials on this. But its all in bits and pieces. First you need to follow https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html to get OpenLDAP up and running. Then follow https://help.ubuntu.com/8.10/serverguide/C/samba-ldap.html, which gets Samba and LDAP talking to each other. You then need to get the authentication to work by following https://help.ubuntu.com/community/LDAPClientAuthentication. That didn’t work for me, I still don’t know why. I had to additionally edit my /etc/ldap.conf with mappings to map to the correct place in the LDAP hierarchy.

nss_base_passwd ou=People,dc=dom,dc=local?one
nss_base_passwd ou=Machines,dc=dom,dc=local?one

The second line is most important as my PDC would not allow new machines to join without it. This line took me two days to discover and only through a forum entry by someone with a totally different problem than me.

Once I got that going things went swimmingly! I just have some account clean up to do. Now that I have domain accounts some redundant accounts on the machines need to disabled and changed to use the LDAP accounts instead. This is a faily minor procedure on the Linux machines which just involves disabling accounts and performing chown and chgrp with the proper ID’s. On Windows its a bit more complex, though I hear it can be done from the profiles dialog. Apprently you just reassign the profile folder to the local account and then delete the local account without deleting the profile folder. All done.

I’m also rolling this out on a machine-by-machine basis and will hope to have this sorted within the next month.

I’ve been playing recently with the MODEL clause of Oracle SQL. This was introduced I believe in 10g and has been inproved in 11g. One of my clients needs a sophisticated financial calculation performed which used intra-row calculations. The process also needs some “gap-filling” to accomodate somewhat user entry errors. Where there is data missing in one month which was present in the previous and following months. The MODEL clause can do this quite easily, without having to do all sorts of self-joins and left and full outer joins. I was impressed with the elegance and speed of the solution. Now I just need to squeeze it into the tiny operating confinments of the client’s server.

I used to think that disk space was cheap and when the sys admins saw that space was filling up, they would just allocate more from the SAN and when they needed to, buy more disks. Really a 1TB disk is not a lot for a large company is it? Yet my client is constantly plagued with out of space errors on their servers.

I’ve now been pondering the future of my business. Document management seems to be the future these days. With all the requirements for freedom of information and regulatory requirements for financial institutions coming, it seems a growth area. Even in the legal area, there are masses and masses of documents. I can tell you from experience that hunting for template documents and people’s documents can be a nightmare. Even more so if they have been misfiled!

Document management systems can be very complex but there are some Open Source solutions available. Providors like KnowledgeTree and Alfresco are well known in this area. Sharepoint is another obvious one. Though sharepoint is nearly useless in its bare form in my opinion. It needs a lot of work to come up to the level of a Alfresco.

I’m pondering this area and will decide on my future shortly. I’ve also need to consider how to train and market this new offering.

All for now.