Hi Ken, I too use Debian, and love it. I kept notes of how I set up BackupPC, because I wanted to be able to repeat the setup process. My howto is attached.
I'm not sure what an 'md' drive is, but here's how I move the BackupPC files to a different location (in this case, a hard drive that's been mounted as /backups) - Stop BackupPC: /etc/init.d/backuppc stop - Copy the BackupPC files to the new hard drive cp -a /var/lib/backuppc /backups - Delete the old files rm -r /var/lib/backuppc - Link the new location to the old location ln -s /backups/backuppc /var/lib/backuppc - Start BackupPC Again: /etc/init.d/backuppc start Justin Best -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Walker Sent: Friday, February 17, 2006 6:58 AM To: backuppc-users@lists.sourceforge.net Subject: [BackupPC-users] Help I've just been searching for backup methods and came across backuppc, which was described as easy to set up. well I've install it on Debian, and its up and running, i've added a remote machine to the hosts file, and it's just done a local machine backup. But I'm getting access denied errors on the local machine backup I can't find where to change the backup location, i want it on a raid5 drive and not on my operating system drive. It says it's putting them in /var/lib/backuppc/pc/localhost/0 but i want them on an md drive. On the remote machine, can i just select specific folders to back up or is it all or nothing. Is there a 'simple get up and running' document anywhere ? many thanks Ken ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
################################################################################ ################################################################################ Configuring BackupPC on Debian Sarge By Justin Best 1/26/2006 ################################################################################ ################################################################################ This howto document is prepared primarily to give myself a record of how my BackupPC machines are configured so that in the event that something goes wrong, I can fix it easier. For hardware, I'm finding great success with very minimal hardware requirements. I'm using a P3-666 machine for the BackupPC server. I've read that BackupPC does tend to like lots of RAM, so I've go the system at 512MB. Hard disk size is dependent on your individual requirements. I hope this document is helpful to you in your situation. Feel free to give me a shout if you're having trouble and I'll do what I can to assist. Justin Best [EMAIL PROTECTED] ################################################################################ Install Debian ################################################################################ To install Debian, go ahead and download a Debian NetInstall CD from www.debian.org. At the time of writing, the latest stable release of the Debian linux distribution is 3.1 (Sarge). You'll want to download the .iso file listed as the "Official netinst image" for the i386 architecture. If you aren't familiar with how to use .iso files, please see http://www.debian.org/CD/faq/#what-is. Here is a direct link to download the image for the i386 platform: http://cdimage.debian.org/debian-cd/3.1_r1/i386/iso-cd/debian-31r1a-i386-netinst.iso Once you've downloaded the .iso and burned it to a CD, simply put it in the drive and boot the computer, the same as if you were installing windows. If all was done properly, the Debian installer will come up. To properly install Debain, you'll need the following settings: - Hostname: bs-pc000 (where 000 is a unique number to idenfity this PC) - Domain Name: domain.tld (should come up automatically via DHCP) - Partitioning: erase entire disk IDE1 master (hda) - Partitioning Scheme: All files in one partition - Boot loader: Install the GRUB boot loader to the master boot record. Once you've finished installing the Debian base system, the CD is ejected from the drive. Remove it, and hit enter to reboot the system. Once the system reboots, you'll need the following settings: - Time Zone: Pacific - root password: See Justin Best for information about this As soon as you are finished setting the root password, you will be prompted to create an account for non-administrative privileges. At this point, choose Cancel. This will take you to the Debian base system configuration menu Next, we need to choose a server to download additional software packages from. From the Debian base system configuration menu: - choose "Configure apt" - Access method: "http" - Mirror country: United States - Mirror to download software from: mirrors.kernel.org - HTTP Proxy: none (leave blank) - Once the system has finished communicating with the mirror, choose Yes to add another apt source. Use the same settings as before, but this time choose a different mirror (such as debian.oregonstate.edu) - Once the system is done communicating with the second mirror, choose No - Download security updates: Yes Once the base system configuration menu is displayed again, choose "Finish configuring the base system" ################################################################################ Enable Remote Access ################################################################################ Throughout this configuration process, we'll need to edit a good number of text files. I've found that the copy-and-past method works significantly better than retyping for this type of thing. To install SSH: - Log in to the system as 'root' - Enter the following command: apt-get install ssh - Allow SSH protocol 2 only: Yes - Install with SUID: Yes - Run the sshd server: Yes Next, download PuTTY on your Windows machine: http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe - PuTTY doesn't need need to be installed. Just double-click the .exe file to open the program - You'll need the IP address of your BackupPC machine. Get it by typing: ifconfig at the console. - Type the IP address of your BackupPC machine under "Host Name (or IP Address) then click "Open". - When the black screen comes up, log in as root. To copy text while logged in with PuTTY, drag your mouse to select an area of the screen, and then left-click the selection. Similarly, to paste text, right-click with your mouse at any time. Be careful, pasting text has the same effect as entering commands on the keyboard! ################################################################################ Install additional software ################################################################################ I like using VIM to edit text files. If you're not familiar with the VI editor, you may prefer to use something simpler, like Nano. Let's install both now: - Log in to the system as 'root' - To install VIM, type: apt-get install vim - To install Nano, type: apt-get install nano - Install less, a useful command-line tool: apt-get install less ################################################################################ Install BackupPC ################################################################################ To Install & configure BackupPC: - enter the command: apt-get install backuppc - enable suExec: Yes - Workgroup/Domain Name: DOMAIN - Use Password Encryption: Yes d - Modify smb.conf to use WINS settings from DHCP: No - Add aliases for /backuppc/ to your apache config files: Yes - Change the password to BackupPC by typing the following commmand: htpasswd /etc/backuppc/htpasswd backuppc ################################################################################ Add a second hard drive (optional) ################################################################################ Because BackupPC benefits from a file system known as "ReiserFS", and because I find it nice to have a hard drive dedicated entirely to storing backup files, I've been in the habit of adding a second hard drive to all my BackupPC servers. I've been using 200GB IDE hard drives for this purpose. I've found that 200GB enough to keep a very large number of backups (15 desktops times 4 backups each only ends up being about 40GB). Go ahead and shut the computer down: - log in as 'root' - type the following command: shutdown -hP now - when the system is ready, turn the power off Next, plug in the physical hard drive and power the system back on. Check in the BIOS to make sure the hard drive has been recognized by the system (don't worry if the BIOS thinks the hard drive is smaller than it actually is, Linux seems to take care of BIOS size limitations.) To prepare the second hard drive: - Install ReiserFS with the following command: apt-get install reiserfsprogs - Partition the Hard Drive by by typing: fdisk /dev/hdb - delete any existing partitions by typing 'd' and pressing enter until the message "No partition is defined yet!" is displayed - type 'n' and hit enter to create a new partition - type 'p' and press enter - type '1' and press enter - press enter twice to choose the default values for start and end cylinders - type 'w' and press enter to write the new partitioning scheme to disk - Format the hard drive using the following command: mkfs.reiserfs /dev/hdb1 Once the hard drive is formatted, we'll need to add some additional information to our file system table in order to access it - Enter the following commands: mkdir /backups nano /etc/fstab - Add a new line on the end of the file that says: /dev/hdb1 /backups reiserfs defaults 0 0 So that your file looks something like this: # /etc/fstab: static file system information. # # <file system> <mount point> <type> <options> <dump> <pass> proc /proc proc defaults 0 0 /dev/hda1 / ext3 defaults,errors=remount-ro 0 1 /dev/hda5 none swap sw 0 0 /dev/hdc /media/cdrom0 iso9660 ro,user,noauto 0 0 /dev/fd0 /media/floppy0 auto rw,user,noauto 0 0 /dev/hdb1 /backups reiserfs defaults 0 0 - Save the file and exit. Once this is done, reboot the system. To check and make sure that the hard disk is properly configured, type 'df'. You should get an output listing /dev/hdb1, like this: Filesystem 1K-blocks Used Available Use% Mounted on /dev/hda1 14128684 344900 13066084 3% / tmpfs 258204 0 258204 0% /dev/shm /dev/hdb1 195352432 33560 195318872 1% /backups Since the hard drive is up and running properly, let's move the BackupPC files onto it: - Stop BackupPC: /etc/init.d/backuppc stop - Copy the BackupPC files to the new hard drive cp -a /var/lib/backuppc /backups - Delete the old files rm -r /var/lib/backuppc - Link the new location to the old location ln -s /backups/backuppc /var/lib/backuppc - Start BackupPC Again: /etc/init.d/backuppc start - Here are all those commands in a row (so you can easily cut-and-paste) /etc/init.d/backuppc stop cp -a /var/lib/backuppc /backups rm -r /var/lib/backuppc ln -s /backups/backuppc /var/lib/backuppc /etc/init.d/backuppc start ################################################################################ Configure BackupPC to allow Active Directory users (optional) ################################################################################ In order to allow users to authenticate using their regular windows accounts, we'll want to be able to interact with the windows servers. We'll need to install some new software to get there: - Enter the following command: apt-get install samba - How do you want to run Samba: daemons - Create samba pasword database: Yes - Enter the following command: apt-get install winbind Next, we'll need to adjust some configuration files. - Edit /etc/nsswitch.conf, and change passwd: compat group: compat shadow: compat To: passwd: compat winbind group: compat winbind shadow: compat winbind - edit /etc/samba/smb.conf, and enter the following settings under [global] (replace: DOMAIN with your domain, PDC.DOMAIN.TLD with the ip address of the primary DC at this site, BDC.DOMAIN.TLD with the ip address of a secondary domain controller to use in case the first one is unavailable, and DOMAIN.TLD with your realm DOMAIN and TLD) --------------------------------------------------------------------------- /etc/samba/smb.conf --------------------------------------------------------------------------- [global] winbind cache time = 10 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind trusted domains only = no password server = PDC.DOMAIN.TLD BDC.DOMAIN.TLD realm = DOMAIN.TLD security = ads idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash template homedir = /home/%D/%U obey pam restrictions = yes --------------------------------------------------------------------------- The following settings are needed in smb.conf, but should already be there: workgroup = DOMAIN encrypt passwords = true - Join the linux server to the domain: net ads join -U administrator You will probably get a lot of errors, such as: get_service_ticket: kerberos_kinit_password [EMAIL PROTECTED]@DOMAIN.TLD failed: Client not found in Kerberos database Don't worry about these errors, what's important is the end result of joining the domain. You should receive the message: Joined 'BS-PC000' to realm 'DOMAIN.TLD' You may wish to allow domain users to log on to the system. This is dangerous, because your domain password is going to be stored in a plain text configuration file later on. There's always a risk that someone with a domain account might sit down and log in to the BackupPC machine, and then look at the file where your password is stored. The way to get around this would be to use pam_succeed_if.so, unfortunately, Debian does doesn't seem to include this module at this time. So, at present, this configuration is dangerous, and I don't employ it. However, I spent a good long time figuring out how to make it work before realizing that it was dangerous, so here's how to do it if you're OK with the security risk: - Make a backup copy of the pam.d directory cp -a /etc/pam.d /etc/pam.d.bak - Add the following lines to THE TOP OF /etc/pam.d/login: --------------------------------------------------------------------------- /etc/pam.d/login --------------------------------------------------------------------------- #Settings to allow domain-based logins auth sufficient pam_winbind.so account sufficient pam_winbind.so password sufficient pam_winbind.so use_authtok session required pam_mkhomedir.so skel=/etc/skel umask=0022 --------------------------------------------------------------------------- - Create a home directory to be used for domain-based login accounts mkdir /home/DOMAIN - Give the domain account 'administrator' root access to the linux system adduser administrator root - Reboot the machine reboot One of the unfortunate side-effects of this configuration is that it prompts for a password twice if you're logging in to the console of the local system as 'root'. We could add the parameter 'use_first_pass' to pam_unix.so under common-auth... but the way the debian configuration files are set up, this breaks some other stuff like SSH login. On the positive side, with this configuration, it works to log on locally to the using a domain OR unix account, but SSH only allows a UNIX account. In any case, at this point you should be able to log in using one of your domain accounts. If you are unable to do so, check to see that your machine can interface with Active Directory: - The following command: getent group | grep justinb should return a list of the groups that justinb is a member of Next, we'll need to set BackupPC to allow Active Directory users to access the web interface. - Enter the following commands: apt-get install libapache-mod-auth-pam - edit /etc/pam.d/httpd and comment out the existing code while adding the proper "auth" and "account" lines, so that the file looks like this: --------------------------------------------------------------------------- /etc/pam.d/httpd --------------------------------------------------------------------------- #%PAM-1.0 #Settings to allow domain-based logins auth required pam_winbind.so service=system-auth account required pam_permit.so [EMAIL PROTECTED] common-auth [EMAIL PROTECTED] common-account --------------------------------------------------------------------------- - Add the line "AuthPAM_Enabled on" to /etc/backuppc/apache.conf, so that it looks like this: --------------------------------------------------------------------------- /etc/backuppc/apache.conf --------------------------------------------------------------------------- Alias /backuppc /usr/share/backuppc/cgi-bin/ <Directory /usr/share/backuppc/cgi-bin/> AllowOverride None Options ExecCGI FollowSymlinks AddHandler cgi-script .cgi DirectoryIndex index.cgi AuthGroupFile /etc/backuppc/htgroup AuthUserFile /etc/backuppc/htpasswd AuthPAM_Enabled on AuthType basic AuthName "BackupPC admin" require valid-user </Directory> --------------------------------------------------------------------------- - Re-start the server: reboot I've created a group in the Windows Server Active Directory called 'backuppcadmins', however, we'll need to make sure it is acknowledged properly by the BackupPC software: - edit /etc/backuppc/config.pl - set $Conf{CgiAdminUserGroup} = 'backuppcadmins' ################################################################################ Configure BackupPC ################################################################################ The configuration for BackupPC is stored primarily in two files: - config.pl is the general configuration for the program - hosts defines what to back up, and who to email if a backup fails Here are the settings to modify for /etc/backuppc/config.pl: - Set the name of your backup server: $Conf{ServerHost} = 'bs-pc000.domain.tld'; Be sure to make sure to use regular apostrophe characters ( ' ) around the bs-pc000 part. Debian's install uses weird ` characters by default, which don't work properly. - Tell BackupPC to keep 10 full backups of each PC: the 4 weekly backups, 4 monthlys and 2 semi-annual backups: $Conf{FullKeepCnt} = [4, 0, 4, 0, 0, 2]; - Consider a host as "out of network" if the ping takes over 4 ms: $Conf{PingMaxMsec} = 4; - Set the "from" address for emails sent from BackupPC: $Conf{EMailFromUserName} = '[EMAIL PROTECTED]'; - Set the destination for administrative emails from BackupPC: $Conf{EMailAdminUserName} = '[EMAIL PROTECTED]'; - Set the domain part for outgoing email messages: $Conf{EMailUserDestDomain} = '@domain.tld'; - Define who BackupPC should consider to be "administrators" $Conf{CgiAdminUserGroup} = 'backuppcadmins'; $Conf{CgiAdminUsers} = 'administrator'; - Define how to construct an email address: $Conf{CgiUserUrlCreate} = 'mailto:[EMAIL PROTECTED]'; - Define how to log in to the PC you're backing up. $Conf{SmbShareUserName} = 'DOMAIN\Administrator'; $Conf{SmbSharePasswd} = 'Your Password Goes Here'; - Save the file >From there, put the list of the machines whose C: you'd like to back up inside the /etc/backuppc/hosts file, like this: --------------------------------------------------------------------------- /etc/backuppc/hosts --------------------------------------------------------------------------- localhost 0 justinb ao-pc121 0 ericm # Eric Miller's OptiPlex GX280 ao-pc122 0 nikkih # Nikki Hansell's OptiPlex GX280 --------------------------------------------------------------------------- ################################################################################ Configure DNS ################################################################################ We'll want to make sure that the server is accessible via the proper dns name (i.e. bs-pc000.domain.tld). Here's how: - You'll need to get the MAC address of your network card. Type: ifconfig | grep HWaddr - Configure a DHCP reservation for that MAC, which makes sure that the BackupPC machine will always have the same IP address. - Configure yoru local DNS server to resolve bs-pc000.domain.tld to the IP address that we set in the reservation. ################################################################################ Configure Automatic Updates ################################################################################ Like any other operating system, flaws are discovered in Debian which could lead to security breaches. In order to keep things secure, it's important to keep your system up-to-date. Here's how: First, configure the mail transfer agent so you can get status messages via email: - Type the following command: base-config - Configure the Mail Transfer Agent: - Split configuration into small files: No - General type of mail configuration: mail sent by smarthost; no local mail - System mail name: domain.tld - IP-addresses to listen on for incoming SMTP connections: 127.0.0.1 - Other destinations for which mail is accepted: localhost.localdomain - Visible domain name for local users: domain.tld - Machine handling outgoing mail for this host (smarthost): server4.domain.tld - Root and postmaster mail recipient: real- - Finish configuring the base system Next, let's install cron-apt so that we are automatically notified of upgrades to Debian that need to be installed. - Enter the following command: apt-get install cron-apt - Edit /etc/cron-apt/config, and: change the line that says: # MAILTO="root" so that it says: MAILTO="[EMAIL PROTECTED]" change the line that says: # MAILON="error" so that it says: MAILON="upgrade" - Edit the /etc/cron.d/cron-apt and set a new schedule for updates, if desired Once a day, your system will check for upgrades to packages. Whenever an update or patch is released, you'll receive an email. When you do, you'll want to log in and enter the command 'apt-get upgrade' to install the update. ################################################################################ References ################################################################################ Integrated Logon Support using Winbind: http://www.it.lut.fi/~doc/samba-3.0.0beta3/htmldocs/winbind.html Linux-Active Directory-Apache Integration With PAM http://muyiwataiwo.com/main/book/howtos/linux_ad_integration Linux integration with Active Directory Authentication http://www.timkennedy.net/docs/Linux+Active_Directory.html Linux-Windows Single Sign-On http://www.redmondmag.com/columns/article.asp?EditorialsID=858 Join Linux to Active Directory with Winbind http://www.enterprisenetworkingplanet.com/netos/article.php/3502441 Debian Network install from a minimal CD http://www.debian.org/CD/netinst/ BackupPC http://backuppc.sourceforge.net PuTTY Download Page http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html