odarriba/docker-timemachine

Authentication error

emilkaae opened this issue · 5 comments

I am getting authentication errors when trying to initiate a Time Machine backup on a fresh Docker container, built from master rev. 9ef27f0.

I have set the Docker environment variables to timemachine/timemachine on the container.
I can connect with cmd-k using those credentials, but Time Machine fails.

I am running OSX 10.13.1.

Any hints on diagnosing the authentication issue?

Hey there!

Have you created users manually? Or using env variables?
Can you put the commands you execute (changing user/passwords, etc), so I can reproduce it?

Thanks for reporting!

I have only used environment variables.

I start the container using this command:
docker run -h timemachine --name timemachine --restart unless-stopped -d -v /timemachine/:/timemachine -p 549:548 -p 637:636 -e "AFP_LOGIN=timemachine" -e "AFP_PASSWORD=timemachine" -e "AFP_NAME=DockerTimeMachine" -e "AFP_SIZE_LIMIT=500000" odarriba/timemachine

I used to have a container running an earlier version of the Docker image on the same machine where I had manually upgraded the netatalk daemon. I have flushed old passwords from the OSX keychain afterwards in an effort to make sure OSX has not cached any old credentials.

@edit: I turned up logging inside the container, and came across
{uams_dhx2_pam.c:666} (info:UAMS): DHX2: PAM_Error: Authentication failure. I am currently working from a hypothesis that the PAM config on the host is different from the container. That would explain why I can connect through AFP to shares on the host, but not through Time Machine.

I have the same problem. OSX can't create a backup because authentication fails. I upgraded the image a few days ago using 'docker-compose pull' and 'docker-compose up -d' to recreate the service. The timemachine was working before. The account was created manually with the add-account command.

update: it seems I have to recreate the account after the upgrade...

@fhaefemeier Authentication does not persist after you destroy (or recreate) the container. I suggest you write a script that creates users from a config file on container start.

Oh, I see this was already mentioned in this commit: 2d35674

Also, you can have an external afp.conf file and always mount it in your container.
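
An added example, not part of the thread or the project's own code: one way to write the suggested script that recreates accounts from a config file on container start, refusing a credentials file that group or others can read. The file format, the `ACCOUNT_CMD` variable and the argument order passed to `add-account` are assumptions; check the image's README for the real usage.

```shell
#!/bin/sh
# Recreate AFP accounts from a mounted credentials file at container start.
# Constructed file format, one account per line ('#' starts a comment):
#   user:password:volume_name:volume_root[:size_mb]
# Passwords must not contain ':' in this format.
# ASSUMPTION: add-account takes USER PASSWORD VOL_NAME VOL_ROOT [SIZE_MB].
# ASSUMPTION: stat supports -c (GNU coreutils or BusyBox).
ACCOUNT_CMD="${ACCOUNT_CMD:-add-account}"

# Accept the credentials file only if it is owner-only (mode 600 or 400).
check_perms() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) echo "refusing $1: mode $mode, expected 600 or 400" >&2; return 1 ;;
    esac
}

# Create one account per valid line.
# Returns 2 if the file is rejected, 1 if any line was rejected or failed.
create_accounts() {
    file=$1
    rc=0
    check_perms "$file" || return 2
    while IFS=: read -r user pass vol path size || [ -n "$user" ]; do
        # Skip blank lines and comments.
        case "$user" in ''|'#'*) continue ;; esac
        # Conservative user names only: lowercase, digits, '_' and '-'.
        case "$user" in
            *[!a-z0-9_-]*) echo "bad user name: $user" >&2; rc=1; continue ;;
        esac
        # The volume root must be an absolute path.
        case "$path" in
            /*) ;;
            *) echo "bad volume root for $user" >&2; rc=1; continue ;;
        esac
        if [ -z "$pass" ] || [ -z "$vol" ]; then
            echo "incomplete entry for $user" >&2; rc=1; continue
        fi
        # The size limit is passed only when the line provides one.
        "$ACCOUNT_CMD" "$user" "$pass" "$vol" "$path" ${size:+"$size"} || rc=1
    done < "$file"
    return $rc
}
```

Call `create_accounts` with the path of the mounted credentials file from the container's start-up script, before the AFP daemon is launched.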