Peter's Blog

Backing up linux ubuntu intranet stuff to central windows server using rsync and smbfs. I did this as follows:

• Create new windows user with limited priviledges, apart from writing backup files. The intranet server will have permanent access to the windows server and access priviledges should not be too generous.
• Install smbfs:

  sudo apt-get install smbfs
  

• Add following to /etc/fstab

  //{server name}/{share name} /mnt/{target} smbfs rw,username={windows username}, \
            password={windows password},uid={linux username},gid={linux username} 0 0
  

  uid and gid are necessary to get write permission.
• Mount share:

  sudo mount /mnt/{target}
  

• Create a backup directory on the windows server. Since it is only a backup I made this compressed.
• Add a cron entry to copy stuff over every night:

  34 3 * * 1-5 rsync -a --delete --exclude="\\.*" \
            /home/pcw/StuffToBackup/ /mnt/{target}/users/PCW/BACKUP
  

  Windows does not like file names that start with a . so I exclude these.

I decided to put a new backup strategy in place at work. I have my desktop PC running windows and an Ubuntu server. I wanted to back up my day-to-day work under windows to the server. I wanted incremental backup so I have the option to backtrack through file history if necessary.

rsync is a nice utility to copy an set of files from one pc to another and works under windows {via Cygwin) and Linux. It can copy over ssh and hence I can use my ssh keys to avoid having to log into the server or put my password in scripts. However it does not do incremental backups, it just duplicates.

rdiff-backup is a nice backup tool that can do cross-network incremental backups. It uses the rsync protocol so it is very efficient. It is also easy to use, no weird command line switches, just give it the name of the source and target directories. However, support for this on windows is not straightforward and it relies on using a cygwin version of python rather than the standard distribution.

So, a compromise solution, use both. I have set things up so that this is done every night when I go home:

cd c:\Projects
rsync -avz --exclude-from="rsync.cnf" -e ssh ./ pcw@rd-pcw2:Projects/ > backup.log
blat backup.log -to pcw@itl.co.uk

this copies files from my 'Projects' directory to the server. The "rsync.cnf" file is a set of things to exclude from the copy, e.g.:

#
# Doxygen output files
#
- Doxygen/

#
# Anything downloaded
#
- Download/
- lstfiles/
- ofiles/
- *.bak
- *.Bak

#
# Anything generated by py2exe
#
- build/
- dist/

#
# Anything in a folder called Old
#
- Old/

#
# VC build directorys
#
Debug/
Release/
debug/
release/

#
# Miscellaneous.
#
- *.obj
- *.tmp
- *.pyc
- setup/*.exe
- Output/setup.exe

After running this I use blat to email me what happened so I know it succeeded.

On the server I have crontab set up to run rdiff-backup every night after the files have been uploaded:

0 18 * * * rdiff-backup /home/pcw/Projects /home/pcw/Backup

This system gives me two full copies of my project files and incremental backups to boot.

Todo: rdiff-backup to a different disk, giving three copies.

Got Ubuntu Linux server to share it's printer with Windows XP. After setting up samba (i.e. installing the samba package) and getting it to a state where the server PC appeared in the workgroup (make sure workgroup has same name on all computers). Also make sure Ubuntu knows about the printer. CUPS, the unix printing thing, is installed by default on Ubuntu and all the above is too trivial to comment on. Unfortunately, sharing the printer is not so trivial, you have to edit config files and reboot daemons: but, hey, we love that or we wouldn't use Linux?

• Edit /etc/samba/smb.conf as follows:

  # add to [General] section:
    printcap name = cups
    printing = cups
    security = share
  
  # make sure [printers] section looks like this
  [printers]
    browseable = yes
    printable = yes
    public = yes
    create mode = 0700
    guest only = yes
    use client driver = yes
    path = /tmp
  

• reboot samba:

  sudo /etc/init.d/samba restart
  

• In windows, go to control panel/printers/add network printer.
• Browse for server computer. In it's list of printers should be the one you want
• Install the printer. A dialog may come up about downloading a printer driver. This probably won't work but windows will go on to let wou choose a driver from a list.
• Print a test page.

Whoopee, can print upstairs from laptop downstairs via wifi. There is no security here so watch out who is using your expensive ink.

Installed Ubuntu linux. Posting this from Firefox running on Ubuntu.

The installer created a version that worked pretty much automatically. The only tweeks I had to do are:

• the installer hardware detection could not find my old dlink de220 ne2000 compatible ISA network card. I had to switch terminals and run:

  modprobe ne io=0x300 irq=9
  

  switching back to the installer, it found the network and was happy. It downloaded a load of updated modules from somewhere via the nerwork. It configured everything via DHCP, even found the name servers.
• Once Ubuntu was installed it ran ok but network was dead again. I had to edit /etc/modules to add the line

  ne io=0x300 irq=9
  

  and restart (although a modprobe would probably have done the trick).
• I used the network manager to change from the DHCP setup to a manual one so server has a static IP address.
• I edited /etc/apt/sources.list to add a 'universe' repository so I could use the Synaptic package manager to install packages unapproved by Ubuntu. This allowed me to install xawtv. I also installed 83 module updates.
• Ran xawtv from the command line and it Just Worked: the hardware detection had found my Pinnacle PCTV Rave and loaded all the bttv modules. Ubuntu seems to use a 2.6 kernel, hence my old problems were resolved.

Ubuntu observations:

• Don't like the brown colour scheme.
• root account is disabled! Everything has to be done via sudo. Apparently Max OS/X works this way. I was able to edit the config files above using 'sudo vim '. Sudo keeps prompting for passwords.
• Synaptic package manager looks nice, nicer than dselect (old text based apt tool I used to use on debian with weird key assignments).
• Samba network client Just Worked: was able to find Windows XP pc and poke around.
• Not bowled over by the documentation on the Ubunto web site. Mostly Wiki notes, often directing me to Room 101, a catchall.
• Modern X has much nicer fonts than Suse 6.4 vintage.

Mission: to get rsync going over ssh. This will allow me to synchronise files on local client and remote server. Rsync is a nice fast incremental copy program designed for synchronising file sets between a client and server. The result is that both computers share identical versions of a set of files.

Steps:

• install openssh on client and server
• install rsync on client and server
• to avoid typing in passwords, create ssh key using:

  ssh-keygen -t dsa
  

• Log into server using sftp
• copy /home//.ssh/id_dsa.pub to the server
• on the server, merge contents of id_dsa.pub with ~/.ssh/authorized_keys2
• From client, try logging in using ssh or sftp. Key should be accepted.
• Start rsyncing.

Note: using a blank passphrase for ssh means you will not be prompted for a passphrase when you log in but this is a security risk: if anyone gets their hands on the key file they can get it.

Examples: Copy files in the directory 'logs' to the directory 'blah' on server ad-pc (files will be in blah/*).

rsync -avz logs/ -e ssh ad-pc:blah/

Copy the files back.

rsync -avz -e ssh ad-pc:blah/ logs/

Copy the directory 'logs' and files in it to the directory 'blah' on server ad-pc (files will be in blah/logs/*).

rsync -avz logs -e ssh ad-pc:blah/

Copy the directory 'logs' and files in it to the directory 'blah' on server ad-pc. Copy recursively and delete files on the receiver that do not exist on the sender (i.e. replicate deletion of files).

rsync -avzr --delete logs -e ssh ad-pc:blah/

Copy while logging in as a different user.

rsync -avz -e ssh <user>@ad-pc:www/modules/ modules/

Note the subtle use of the trailing /.

blah/

copy files to/from directory

blah

copy directory itself

Using cygwin on Windows 2000 I had a problem copying from the server to the local pc: the shell would hang real hard at the end of the transfer. I tried reinstalling the cygwin stuff from a different server (mirror.ac.uk) and found a much more recent version (2.6.2 as opposed to 2.5.5). This fixed the problem, which may have been this.

At work I was inspired to find a way to get in from home through the firewall. Tunnelling out using ssh through the https port is tried and tested but I wanted a way in.

I've set things up so I can email myself at work with a certain subject line which triggers an exim .forward rule. This rule starts up ssh making a connection OUT to my home debian server. The outward connection includes a remote forwarded port so from my home debian box I can ssh back into the work box. I'm kinda pleased with this as it's secure so I won't get into trouble. The tunnel can only go to my home pc at my command. Even if someone else sent the magic email they would not get the ssh connection.

It took a couple of tricks to get this working:

• I had to edit sshd_config to add a new port at 8022 for forwarding to the home box as this is not a priveliged port.

• The .forward file does not run ssh directly (it cannot block and wait for the ssh session to finish) so it runs an 'at' command to launch ssh independantly in a totally separate process.

• ssh is fired up with the -n and -N commands to stop it screwing up the console.

Getting this going prompted me to load samba so I can copy stuff from the windows workhorse to the debian box and access it anytime from home without the risk of exposing my windows box through the firewall. Now that would get me into trouble...

I was inspired to install samba both at work and home. With debian this boiled down to:

 apt-get install samba smbclient 

After tweeking smb.conf to expose the home directories to browsing I could not connect from windows without repeated user/password prompts. trying to browse using:

 smbclient -L <hostname> 

In both situations I got an error:

 session setup failed: NT_STATUS_LOGON_FAILURE 

I found a fix for this here which boiled down to:

I was inspired to install samba both at work and home. With debian this boiled down to:

 apt-get install samba smbclient 

After tweeking smb.conf to expose the home directories to browsing I could not connect from windows without repeated user/password prompts. trying to browse using:

 smbclient -L <hostname> 

In both situations I got an error:

 session setup failed: NT_STATUS_LOGON_FAILURE 

I found a fix for this here which boiled down to:

"May be dumb to ask but you did create the Samba password file and added passwords for

your users? Reason I ask is because I have searched quite a few links and the response to that error is usually just that. Here is the commands I used to add my users:

To make the password file:

# cat /etc/passwd | /usr/bin/mksmbpasswd.sh > /etc/samba/smbpasswd

Then add your users:

# smbpasswd someusername"

At work the debian stable install did create a passwd file but apparently it didn't do a good job. My debian unstable install at home didn't try but the above did the trick.