Hi Ken,
I too use Debian, and love it. I kept notes of how I set up BackupPC,
because I wanted to be able to repeat the setup process. My howto is
attached.
I'm not sure what an 'md' drive is, but here's how I move the BackupPC files
to a different location (in this case, a hard drive that's been mounted as
/backups):
- Stop BackupPC:
/etc/init.d/backuppc stop
- Copy the BackupPC files to the new hard drive
cp -a /var/lib/backuppc /backups
- Delete the old files
rm -r /var/lib/backuppc
- Link the new location to the old location
ln -s /backups/backuppc /var/lib/backuppc
- Start BackupPC Again:
/etc/init.d/backuppc start
Justin Best
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ken Walker
Sent: Friday, February 17, 2006 6:58 AM
To: [email protected]
Subject: [BackupPC-users] Help
I've just been searching for backup methods and came across BackupPC, which
was described as easy to set up.
Well, I've installed it on Debian, and it's up and running. I've added a remote
machine to the hosts file, and it's just done a local machine backup.
But I'm getting access denied errors on the local machine backup.
I can't find where to change the backup location; I want it on a RAID5 drive
and not on my operating system drive.
It says it's putting them in /var/lib/backuppc/pc/localhost/0 but I want
them on an md drive.
On the remote machine, can I just select specific folders to back up, or is
it all or nothing?
Is there a 'simple get up and running' document anywhere?
Many thanks
Ken
################################################################################
################################################################################
Configuring BackupPC on Debian Sarge
By Justin Best
1/26/2006
################################################################################
################################################################################
This howto document is prepared primarily to give myself a record of how my
BackupPC machines are configured so that in the event that something goes
wrong, I can fix it easier.
For hardware, I'm finding great success with very minimal hardware
requirements. I'm using a P3-666 machine for the BackupPC server. I've read
that BackupPC does tend to like lots of RAM, so I've got the system at 512MB.
Hard disk size is dependent on your individual requirements.
I hope this document is helpful to you in your situation. Feel free to give me
a shout if you're having trouble and I'll do what I can to assist.
Justin Best
[EMAIL PROTECTED]
################################################################################
Install Debian
################################################################################
To install Debian, go ahead and download a Debian NetInstall CD from
www.debian.org. At the time of writing, the latest stable release of the Debian
linux distribution is 3.1 (Sarge).
You'll want to download the .iso file listed as the "Official netinst image"
for the i386 architecture. If you aren't familiar with how to use .iso files,
please see http://www.debian.org/CD/faq/#what-is.
Here is a direct link to download the image for the i386 platform:
http://cdimage.debian.org/debian-cd/3.1_r1/i386/iso-cd/debian-31r1a-i386-netinst.iso
Once you've downloaded the .iso and burned it to a CD, simply put it in the
drive and boot the computer, the same as if you were installing windows. If all
was done properly, the Debian installer will come up.
To properly install Debian, you'll need the following settings:
- Hostname: bs-pc000 (where 000 is a unique number to identify this PC)
- Domain Name: domain.tld (should come up automatically via DHCP)
- Partitioning: erase entire disk IDE1 master (hda)
- Partitioning Scheme: All files in one partition
- Boot loader: Install the GRUB boot loader to the master boot record.
Once you've finished installing the Debian base system, the CD is ejected from
the drive. Remove it, and hit enter to reboot the system.
Once the system reboots, you'll need the following settings:
- Time Zone: Pacific
- root password: See Justin Best for information about this
As soon as you are finished setting the root password, you will be prompted to
create an account for non-administrative privileges. At this point, choose
Cancel. This will take you to the Debian base system configuration menu.
Next, we need to choose a server to download additional software packages from.
From the Debian base system configuration menu:
- choose "Configure apt"
- Access method: "http"
- Mirror country: United States
- Mirror to download software from: mirrors.kernel.org
- HTTP Proxy: none (leave blank)
- Once the system has finished communicating with the mirror, choose Yes to add
another apt source. Use the same settings as before, but this time choose a
different mirror (such as debian.oregonstate.edu)
- Once the system is done communicating with the second mirror, choose No
- Download security updates: Yes
Once the base system configuration menu is displayed again, choose "Finish
configuring the base system"
################################################################################
Enable Remote Access
################################################################################
Throughout this configuration process, we'll need to edit a good number of text
files. I've found that the copy-and-paste method works significantly better than
retyping for this type of thing.
To install SSH:
- Log in to the system as 'root'
- Enter the following command:
apt-get install ssh
- Allow SSH protocol 2 only: Yes
- Install with SUID: Yes
- Run the sshd server: Yes
Next, download PuTTY on your Windows machine:
http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
- PuTTY doesn't need to be installed. Just double-click the .exe file
to open the program.
- You'll need the IP address of your BackupPC machine. Get it by typing:
ifconfig
at the console.
- Type the IP address of your BackupPC machine under "Host Name (or IP Address)",
then click "Open".
- When the black screen comes up, log in as root.
To copy text while logged in with PuTTY, drag your mouse to select an area of
the screen, and then left-click the selection. Similarly, to paste text,
right-click with your mouse at any time. Be careful, pasting text has the same
effect as entering commands on the keyboard!
################################################################################
Install additional software
################################################################################
I like using VIM to edit text files. If you're not familiar with the VI editor,
you may prefer to use something simpler, like Nano. Let's install both now:
- Log in to the system as 'root'
- To install VIM, type:
apt-get install vim
- To install Nano, type:
apt-get install nano
- Install less, a useful command-line tool:
apt-get install less
################################################################################
Install BackupPC
################################################################################
To Install & configure BackupPC:
- enter the command:
apt-get install backuppc
- enable suExec: Yes
- Workgroup/Domain Name: DOMAIN
- Use Password Encryption: Yes
- Modify smb.conf to use WINS settings from DHCP: No
- Add aliases for /backuppc/ to your apache config files: Yes
- Change the password to BackupPC by typing the following command:
htpasswd /etc/backuppc/htpasswd backuppc
################################################################################
Add a second hard drive (optional)
################################################################################
Because BackupPC benefits from a file system known as "ReiserFS", and because I
find it nice to have a hard drive dedicated entirely to storing backup files,
I've been in the habit of adding a second hard drive to all my BackupPC
servers. I've been using 200GB IDE hard drives for this purpose. I've found
that 200GB is enough to keep a very large number of backups (15 desktops times 4
backups each only ends up being about 40GB).
Go ahead and shut the computer down:
- log in as 'root'
- type the following command:
shutdown -hP now
- when the system is ready, turn the power off
Next, plug in the physical hard drive and power the system back on. Check in
the BIOS to make sure the hard drive has been recognized by the system (don't
worry if the BIOS thinks the hard drive is smaller than it actually is, Linux
seems to take care of BIOS size limitations.)
To prepare the second hard drive:
- Install ReiserFS with the following command:
apt-get install reiserfsprogs
- Partition the hard drive by typing:
fdisk /dev/hdb
- delete any existing partitions by typing 'd' and pressing enter until the
message "No partition is defined yet!" is displayed
- type 'n' and hit enter to create a new partition
- type 'p' and press enter
- type '1' and press enter
- press enter twice to choose the default values for start and end cylinders
- type 'w' and press enter to write the new partitioning scheme to disk
- Format the hard drive using the following command:
mkfs.reiserfs /dev/hdb1
Once the hard drive is formatted, we'll need to add some additional information
to our file system table in order to access it.
- Enter the following commands:
mkdir /backups
nano /etc/fstab
- Add a new line on the end of the file that says:
/dev/hdb1 /backups reiserfs defaults 0 0
So that your file looks something like this:
# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>    <options>                  <dump> <pass>
proc            /proc           proc      defaults                   0      0
/dev/hda1       /               ext3      defaults,errors=remount-ro 0      1
/dev/hda5       none            swap      sw                         0      0
/dev/hdc        /media/cdrom0   iso9660   ro,user,noauto             0      0
/dev/fd0        /media/floppy0  auto      rw,user,noauto             0      0
/dev/hdb1       /backups        reiserfs  defaults                   0      0
- Save the file and exit.
Once this is done, reboot the system.
To check and make sure that the hard disk is properly configured, type 'df'.
You should get an output listing /dev/hdb1, like this:
Filesystem  1K-blocks    Used  Available  Use%  Mounted on
/dev/hda1    14128684  344900   13066084    3%  /
tmpfs          258204       0     258204    0%  /dev/shm
/dev/hdb1   195352432   33560  195318872    1%  /backups
Since the hard drive is up and running properly, let's move the BackupPC files
onto it:
- Stop BackupPC:
/etc/init.d/backuppc stop
- Copy the BackupPC files to the new hard drive
cp -a /var/lib/backuppc /backups
- Delete the old files
rm -r /var/lib/backuppc
- Link the new location to the old location
ln -s /backups/backuppc /var/lib/backuppc
- Start BackupPC Again:
/etc/init.d/backuppc start
- Here are all those commands in a row (so you can easily cut-and-paste)
/etc/init.d/backuppc stop
cp -a /var/lib/backuppc /backups
rm -r /var/lib/backuppc
ln -s /backups/backuppc /var/lib/backuppc
/etc/init.d/backuppc start
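The stop/copy/delete/link sequence above (also given in the covering e-mail) removes the original before anything confirms that the copy is complete or that /backups is really the second disk. The following is an added example, not part of the original howto or of BackupPC; the names relocate_dir, tree_summary and REQUIRE_MOUNT are hypothetical, and GNU find, diff and mountpoint are assumed:

```shell
#!/bin/sh
# Added example: verified relocation of a data directory (constructed helper,
# not part of BackupPC). Run as root with the service stopped:
#   /etc/init.d/backuppc stop
#   relocate_dir /var/lib/backuppc /backups && /etc/init.d/backuppc start

# Summarise a tree as "files dirs distinct-inodes". Lost files or broken
# hard links (BackupPC's pool relies on hard links) change the summary.
tree_summary() {
    files=$(find "$1" -type f | wc -l)
    dirs=$(find "$1" -type d | wc -l)
    inodes=$(find "$1" -type f -printf '%i\n' | sort -u | wc -l)
    echo $files $dirs $inodes
}

relocate_dir() {
    src=$1
    destparent=$2
    dest=$destparent/$(basename "$src")

    # Refuse a second run (src is already a symlink) or a missing source.
    if [ -L "$src" ] || [ ! -d "$src" ]; then
        echo "relocate_dir: $src is not a real directory" >&2
        return 1
    fi
    # If the mount failed, /backups is just a directory on the OS disk.
    # REQUIRE_MOUNT=0 disables this check (hypothetical switch, for testing).
    if [ "${REQUIRE_MOUNT:-1}" = 1 ] && ! mountpoint -q "$destparent"; then
        echo "relocate_dir: $destparent is not a mounted filesystem" >&2
        return 1
    fi
    if [ -e "$dest" ]; then
        echo "relocate_dir: $dest already exists" >&2
        return 1
    fi

    # -a keeps ownership, modes, timestamps and hard links.
    cp -a "$src" "$destparent"/ || return 1

    # Verify before touching the original: same content, same structure.
    if ! diff -r "$src" "$dest" >/dev/null ||
       [ "$(tree_summary "$src")" != "$(tree_summary "$dest")" ]; then
        echo "relocate_dir: copy does not match, original left in place" >&2
        return 1
    fi

    # Rename instead of rm -r, so the original survives until proven unneeded.
    mv "$src" "$src.old" && ln -s "$dest" "$src"
}
```

Remove /var/lib/backuppc.old only after a backup run has completed against the new location.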
################################################################################
Configure BackupPC to allow Active Directory users (optional)
################################################################################
In order to allow users to authenticate using their regular windows accounts,
we'll want to be able to interact with the windows servers.
We'll need to install some new software to get there:
- Enter the following command:
apt-get install samba
- How do you want to run Samba: daemons
- Create samba password database: Yes
- Enter the following command:
apt-get install winbind
Next, we'll need to adjust some configuration files.
- Edit /etc/nsswitch.conf, and change
passwd: compat
group: compat
shadow: compat
To:
passwd: compat winbind
group: compat winbind
shadow: compat winbind
- edit /etc/samba/smb.conf, and enter the following settings under [global]
(replace: DOMAIN with your domain, PDC.DOMAIN.TLD with the ip
address of the primary DC at this site, BDC.DOMAIN.TLD with the ip
address of a secondary domain controller to use in case the first one is
unavailable, and DOMAIN.TLD with your realm DOMAIN and TLD)
---------------------------------------------------------------------------
/etc/samba/smb.conf
---------------------------------------------------------------------------
[global]
winbind cache time = 10
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind trusted domains only = no
password server = PDC.DOMAIN.TLD BDC.DOMAIN.TLD
realm = DOMAIN.TLD
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%D/%U
obey pam restrictions = yes
---------------------------------------------------------------------------
The following settings are needed in smb.conf, but should already be there:
workgroup = DOMAIN
encrypt passwords = true
- Join the linux server to the domain:
net ads join -U administrator
You will probably get a lot of errors, such as:
get_service_ticket: kerberos_kinit_password
[EMAIL PROTECTED]@DOMAIN.TLD failed:
Client not found in Kerberos database
Don't worry about these errors; what's important is the end result of joining
the domain. You should receive the message:
Joined 'BS-PC000' to realm 'DOMAIN.TLD'
You may wish to allow domain users to log on to the system. This is dangerous,
because your domain password is going to be stored in a plain text
configuration file later on. There's always a risk that someone with a domain
account might sit down and log in to the BackupPC machine, and then look at the
file where your password is stored. The way to get around this would be to use
pam_succeed_if.so; unfortunately, Debian doesn't seem to include this
module at this time. So, at present, this configuration is dangerous, and I
don't employ it. However, I spent a good long time figuring out how to make it
work before realizing that it was dangerous, so here's how to do it if you're
OK with the security risk:
- Make a backup copy of the pam.d directory
cp -a /etc/pam.d /etc/pam.d.bak
- Add the following lines to THE TOP OF /etc/pam.d/login:
---------------------------------------------------------------------------
/etc/pam.d/login
---------------------------------------------------------------------------
#Settings to allow domain-based logins
auth sufficient pam_winbind.so
account sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
session required pam_mkhomedir.so skel=/etc/skel umask=0022
---------------------------------------------------------------------------
- Create a home directory to be used for domain-based login accounts
mkdir /home/DOMAIN
- Give the domain account 'administrator' root access to the linux system
adduser administrator root
- Reboot the machine
reboot
One of the unfortunate side-effects of this configuration is that it prompts
for a password twice if you're logging in to the console of the local system as
'root'. We could add the parameter 'use_first_pass' to pam_unix.so under
common-auth... but the way the debian configuration files are set up, this
breaks some other stuff like SSH login.
On the positive side, with this configuration, it works to log on locally
using a domain OR unix account, but SSH only allows a UNIX account.
In any case, at this point you should be able to log in using one of your
domain accounts. If you are unable to do so, check to see that your machine can
interface with Active Directory:
- The following command:
getent group | grep justinb
should return a list of the groups that justinb is a member of
Next, we'll need to set BackupPC to allow Active Directory users to access the
web interface.
- Enter the following commands:
apt-get install libapache-mod-auth-pam
- edit /etc/pam.d/httpd and comment out the existing code while adding the
proper "auth" and "account" lines, so that the file looks like this:
---------------------------------------------------------------------------
/etc/pam.d/httpd
---------------------------------------------------------------------------
#%PAM-1.0
#Settings to allow domain-based logins
auth required pam_winbind.so service=system-auth
account required pam_permit.so
#@include common-auth
#@include common-account
---------------------------------------------------------------------------
- Add the line "AuthPAM_Enabled on" to /etc/backuppc/apache.conf, so that it
looks like this:
---------------------------------------------------------------------------
/etc/backuppc/apache.conf
---------------------------------------------------------------------------
Alias /backuppc /usr/share/backuppc/cgi-bin/
<Directory /usr/share/backuppc/cgi-bin/>
AllowOverride None
Options ExecCGI FollowSymlinks
AddHandler cgi-script .cgi
DirectoryIndex index.cgi
AuthGroupFile /etc/backuppc/htgroup
AuthUserFile /etc/backuppc/htpasswd
AuthPAM_Enabled on
AuthType basic
AuthName "BackupPC admin"
require valid-user
</Directory>
---------------------------------------------------------------------------
- Re-start the server:
reboot
I've created a group in the Windows Server Active Directory called
'backuppcadmins', however, we'll need to make sure it is acknowledged properly
by the BackupPC software:
- edit /etc/backuppc/config.pl
- set $Conf{CgiAdminUserGroup} = 'backuppcadmins'
################################################################################
Configure BackupPC
################################################################################
The configuration for BackupPC is stored primarily in two files:
- config.pl is the general configuration for the program
- hosts defines what to back up, and who to email if a backup fails
Here are the settings to modify for /etc/backuppc/config.pl:
- Set the name of your backup server:
$Conf{ServerHost} = 'bs-pc000.domain.tld';
Be sure to use regular apostrophe characters ( ' ) around the
bs-pc000 part. Debian's install uses weird ` characters by default, which
don't work properly.
- Tell BackupPC to keep 10 full backups of each PC: 4 weekly backups,
4 monthly backups and 2 semi-annual backups:
$Conf{FullKeepCnt} = [4, 0, 4, 0, 0, 2];
- Consider a host as "out of network" if the ping takes over 4 ms:
$Conf{PingMaxMsec} = 4;
- Set the "from" address for emails sent from BackupPC:
$Conf{EMailFromUserName} = '[EMAIL PROTECTED]';
- Set the destination for administrative emails from BackupPC:
$Conf{EMailAdminUserName} = '[EMAIL PROTECTED]';
- Set the domain part for outgoing email messages:
$Conf{EMailUserDestDomain} = '@domain.tld';
- Define who BackupPC should consider to be "administrators"
$Conf{CgiAdminUserGroup} = 'backuppcadmins';
$Conf{CgiAdminUsers} = 'administrator';
- Define how to construct an email address:
$Conf{CgiUserUrlCreate} = 'mailto:[EMAIL PROTECTED]';
- Define how to log in to the PC you're backing up.
$Conf{SmbShareUserName} = 'DOMAIN\Administrator';
$Conf{SmbSharePasswd} = 'Your Password Goes Here';
- Save the file
From there, put the list of the machines whose C: you'd like to back up inside
the /etc/backuppc/hosts file, like this:
---------------------------------------------------------------------------
/etc/backuppc/hosts
---------------------------------------------------------------------------
localhost 0 justinb
ao-pc121 0 ericm # Eric Miller's OptiPlex GX280
ao-pc122 0 nikkih # Nikki Hansell's OptiPlex GX280
---------------------------------------------------------------------------
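Because $Conf{SmbSharePasswd} above holds a domain administrator password in plain text, the file permissions are the only thing keeping it from other local accounts. The following check is an added example, not part of the original howto or of BackupPC; the function name audit_backuppc_secrets is hypothetical and GNU stat is assumed:

```shell
#!/bin/sh
# Added example (constructed helper, not part of BackupPC).
# Usage: audit_backuppc_secrets /etc/backuppc/*.pl
# Returns 0 if no file that sets $Conf{SmbSharePasswd} grants any access to
# "other" users, 1 if at least one does.
audit_backuppc_secrets() {
    findings=0
    # A non-commented assignment with a non-empty quoted value.
    pat="^[[:space:]]*\\\$Conf\{SmbSharePasswd\}[[:space:]]*=[[:space:]]*['\"][^'\"]+"
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -Eq "$pat" "$f" || continue    # no password stored in this file
        mode=$(stat -c '%a' "$f")           # octal mode, e.g. 640
        other=${mode#"${mode%?}"}           # last digit: bits for "other"
        if [ "$other" != 0 ]; then
            echo "FINDING: $f (mode $mode, $(stat -c '%U:%G' "$f")) stores SmbSharePasswd and is open to all local users"
            findings=$((findings + 1))
        else
            echo "ok: $f (mode $mode)"
        fi
    done
    [ "$findings" -eq 0 ]
}
```

A finding is closed by removing the "other" bits, for example with chmod o-rwx on the reported file, while keeping the owner and group that BackupPC and the web server already use.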
################################################################################
Configure DNS
################################################################################
We'll want to make sure that the server is accessible via the proper dns name
(i.e. bs-pc000.domain.tld). Here's how:
- You'll need to get the MAC address of your network card. Type:
ifconfig | grep HWaddr
- Configure a DHCP reservation for that MAC, which makes sure that the BackupPC
machine will always have the same IP address.
- Configure your local DNS server to resolve bs-pc000.domain.tld to the
IP address that we set in the reservation.
################################################################################
Configure Automatic Updates
################################################################################
As with any other operating system, flaws are discovered in Debian which could
lead to security breaches. In order to keep things secure, it's important to
keep your system up-to-date. Here's how:
First, configure the mail transfer agent so you can get status messages via
email:
- Type the following command:
base-config
- Configure the Mail Transfer Agent:
- Split configuration into small files: No
- General type of mail configuration: mail sent by smarthost; no local mail
- System mail name: domain.tld
- IP-addresses to listen on for incoming SMTP connections: 127.0.0.1
- Other destinations for which mail is accepted: localhost.localdomain
- Visible domain name for local users: domain.tld
- Machine handling outgoing mail for this host (smarthost): server4.domain.tld
- Root and postmaster mail recipient: real-
- Finish configuring the base system
Next, let's install cron-apt so that we are automatically notified of upgrades
to Debian that need to be installed.
- Enter the following command:
apt-get install cron-apt
- Edit /etc/cron-apt/config, and:
change the line that says:
# MAILTO="root"
so that it says:
MAILTO="[EMAIL PROTECTED]"
change the line that says:
# MAILON="error"
so that it says:
MAILON="upgrade"
- Edit the /etc/cron.d/cron-apt and set a new schedule for updates, if desired
Once a day, your system will check for upgrades to packages. Whenever an update
or patch is released, you'll receive an email. When you do, you'll want to log
in and enter the command 'apt-get upgrade' to install the update.
################################################################################
References
################################################################################
Integrated Logon Support using Winbind:
http://www.it.lut.fi/~doc/samba-3.0.0beta3/htmldocs/winbind.html
Linux-Active Directory-Apache Integration With PAM
http://muyiwataiwo.com/main/book/howtos/linux_ad_integration
Linux integration with Active Directory Authentication
http://www.timkennedy.net/docs/Linux+Active_Directory.html
Linux-Windows Single Sign-On
http://www.redmondmag.com/columns/article.asp?EditorialsID=858
Join Linux to Active Directory with Winbind
http://www.enterprisenetworkingplanet.com/netos/article.php/3502441
Debian Network install from a minimal CD
http://www.debian.org/CD/netinst/
BackupPC
http://backuppc.sourceforge.net
PuTTY Download Page
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html