Authenticate BackupPC CGI Users With Windows Active Directory
Now that the Linux box is authenticating its users with their ADS credentials, and Apache is protecting its directories using the same ADS user database, we are ready to set up BackupPC to show users only the PCs for which their names are recorded in BackupPC's hosts file.
We do this by simply using the Active Directory user names for these users in BackupPC's hosts file. Now, when any such users gives their ADS username and password when prompted by BackupPC, only the PCs listed for them will be shown.
For BackupPC administrators however, we need to do a little bit more configuration.
First, create a new Active Directory Group in your ADS, and add the user names of the users who will be the BackupPC administrators to that group. Then, in BackupPC's config.pl file, set the variable $Conf{CgiAdminUserGroup} to the name of the group on your ADS server. For example, if the ADS group you created is called backuppcadmins, the variable would be set as follows:
$Conf{CgiAdminUserGroup} = 'backuppcadmins';
If you have some BackupPC administrators on the Linux box but not in the Windows ADS domain, you can add their Linux user names to the variable $Conf{CgiAdminUsers} like so:
$Conf{CgiAdminUsers} = 'john mary jack';
That's it! Restart BackupPC, and you should be fine. If you have any problems, place a comment here, or use the contact form on this site to send me a message, and I'll do my best to assist you.
I've also recently done this using a SuSE box (OpenSuSE 10.0), and the steps are very similar. I'll imagine that the steps will be quite similar for other distributions as well.
I have deliberately ommitted details about downloading and installing the various software, because that is adequately covered in the references that I've given. If I get many requests to include those steps, then I will. But I don't believe in duplicating what's already been done.
Comments
BackupPC, AD, and the MyDocuments Directories...
November 12, 2007 by Miguel Alho (not verified), 4 years 12 weeks ago
Comment: 95
Hi, Sorry for the slight off-topic, but I'm kinda in trouble with a detail of BackupPC on Win machines, that you might know how to resolve.
Basicly I've setup a Linux machine (ubuntu 7.04) with BackupPC to backup the data on computers in a small network at an old-persons home.
The problem - I'm not getting the Documents and Settings folders backed up, which means that I'm missing important info on some computers. I'm getting the folders, just not the contents.
Initially I created specific shares on the disks (disk's root) giving permissions to a user I created on the AD. I also added the user to the domain's built in Backup Operater group. Backs up almost everything, except the important Documents&Settings Folder contents.
Then I tried adding the user to the domain's admin group (I know It's not the right thing to do, but since It should have access to everything, I thought I'd give it a try) but that didn't work either. I can connect to the share correctly from the linux machine (using Nautilus), and I can see the contents of the folders and even copy files from there. But BackupPC won't pull them.
So then I read that I should use the default C$ share that BackupOps has permissions to use, and doing an incremental backup, nothing got pulled from the MyDocuments folders. I still have the folders but no files inside.
So I'm kinda stuck and wondering If You have ever encontered this type of problem and If you have any idea as to what I may be missing... Or any ideas on tests that I could run.
Thanks! (hey, It might even work as another post.. hehe)
Mike
Files not being pulled in by BackupPC
November 13, 2007 by muyiwa, 4 years 12 weeks ago
Comment: 96
Might sound silly, but have you looked in BackupPC's log files? They should give you a hint regarding whether or not what you have is a permissions problem.
You may want to take a look at these config variables:
$Conf{BackupFilesExclude}Maybe files in "My Documents" are being explicitly excluded?
$Conf{SmbShareName}. This is OK as C$
$Conf{SmbShareUserName}. You need to set this to the name of the backup operator
$Conf{SmbSharePasswd}. This should be the password of the backup operator
Cheers,
Muyiwa
BackupPC creates folders but does not back up files
April 28, 2008 by Dave (not verified), 3 years 40 weeks ago
Comment: 138
Sorry to keep going on this thread, but I am having a similar problem, but only with Vista machines. I thought I had set them all (XP and Vista) up the same way (rsync usernames and passwords), but the Vista machine makes folders and then does not back up the files in them (my pictures and my music). Besides the above hints, have you ever heard of this? Any other ideas?
Thanks for any help!
Dave
Sorry i can't help you,
April 28, 2008 by muyiwa, 3 years 40 weeks ago
Comment: 139
Sorry i can't help you, Dave, as I have absolutely no experience with Vista. I've heard that the security is different between Vista and XP, although I can't say exactly how. You may be running into a security-related issue on your Vista machine, and you should probably take a look at your firewall settings, especially if you're getting connection failure messages in your BackupPC logs.
Muyiwa