Rsync is an amazing and versatile program for Linux that is capable of keeping versioned backups of just about anything, via the magic of symbolic links, or symlinks.
Today we’ll setting up rsync to mount a remote SMB share over NFS ( network file system ) and then configuring a schedule with crontab to schedule automatic backups. Of course this particular directory will be dedicated to rsync only, but you could use any partition or directory that you like. You’ll need a couple of things to pull this off – a Server 2008 server with Active Directory / File Services, which you can read more about setting up here. The second thing you’ll need is a Centrify enabled Linux box, which I setup here in this previous post. Rsync comes default with every Debian/Ubuntu distribution out there, so there’s no need to install it – just hop onto your Linux machine over SSH and get to it. Here’s how to mount a remote SMB share in the latest version of Ubuntu, and use rsync to backup this share
First things first, let’s go ahead and create a mount point for the target SMB2 share and name it something logical.
Now adjust the permissions appropriately on the “share” directory.
Now let’s use tasksel to make sure that we’ve installed the samba packages; this will help down the road when we’re mounting the remote SMB share.
Now that’s out of the way, go ahead and open up the /etc/network/interfaces file and prep your networking environment for two things: our DNS server, and our DNS namespace. Your interfaces file should look similar to below adjusted for your specific domain controller of course. The key things to set here are the dns-nameservers / dns-search directives of course ;)
Now open up your /etc/hosts configuration file and designate the appropriate name server – the domain controller of course. Make sure to use the FQDN as opposed to just the plain-jane hostname.
Basic leg work for the Ubuntu machine is done and now we’re ready to turn our eye towards prepping the domain controller. Hop onto your DC and set a forward static A record pointing back to the Ubuntu box.
Ping the ubuntu hostname to make sure that you set the correct IP address for the A record.
Now do likewise from the Ubuntu box to make sure you’re getting the expected IP address of the domain controller.
Awesome. Hop back onto your domain controller and create a new folder that will serve as our remote SMB share. Remove the ‘everyone’ group and add the ‘authenticated users’ group on the folder permissions after you’ve created it.
Alright! We’re ready to install CentrifyDC on our Ubuntu machine which will allow us to mount this SMB/Windows Share. There are other ways to do it, but they are sloppy – some require that you put credentials in a flat file, a big security no no, and furthermore they aren’t persistent connections. Nothing is worse than losing your mount point and have rsync sync a blank folder – this basically eliminates your backups since rsync recognizes this as a change by design. Back to CentrifyDC – add the necessary repos to install the package with aptitude. You can refer to this previous post here regarding installation of CentrifyDC on Ubuntu, or continue to follow along :)
Firstly, you need to install an additional package to add non standard repositories:
Now add the oneric repositories to your list:
Then update your repositories:
Now we’re ready to install CentrifyDC and join the Ubuntu machine to the domain. Install CentrifyDC first:
Sweet – now we can run the adjoin command and integrate this machine into our Active Directory environment. This is hands down the easiest way to mount a remote SMB share between UNIX/Microsoft. Note that I’m simply going to use the default Administrator account, but as a best practice you would most definitely want to provision this with a service account.
Restart your Ubuntu server before proceeding, otherwise you might run into some nasty errors with DNS / name resolution. Now, remember earlier in the post where I mentioned that putting your credentials in a regular file to authenticate against the remote SMB share was a bad idea? It absolutely is – so let’s create a special, hidden file and lock down the permissions to restrict access. Use a text editor and a create the following file, with the following contents :
Now let’s secure the file to the least possible privilege :
Open up /etc/fstab and add the following line to the configuration, making sure to customize the paths and usernames to your installation.
Test your fstab entry out by running sudo mount -a
If you don’t receive any errors – then you’ve successfully mounted the remote SMB share to your local Ubuntu filesystem. Whew. That was a good amount of prep-work to get to a point where we could actually start using rsync to backup the windows shares, but there’s a right way to do things and a wrong way to do things I suppose. Now it’s time to create a /backups directory on our box which will rsync the files from /shares to /backup.
CHMOD it to 755 :
Now we’re ready for a test run :
Check the contents of /backups with ls to make sure our data made it over :
Now add the rsync command to cron and schedule it according to your needs, I’m setting mine to backup every hour on the hour.
And that’s how you configure rsync with cron jobs to backup remote SMB shares in an Active Directory environment. Keep in mind that there is most definitely more than one way to accomplish this – this is just the way I chose to implement it this particular time around. Also keep in mind this is purely for learning / tutorial purposes and should be scrutinized heavily before implementing in a production environment.