Authentication error
emilkaae opened this issue · 5 comments
I am getting authentication errors when trying to initiate a time machine backup on a fresh Docker container, built from master rev. 9ef27f0.
I have set the docker environment variables to timemachine/timemachine on the container.
I can connect with cmd-k using those credentials, but time machine fails.
I am running OSX 10.13.1.
Any hints on diagnosing the authentication issue?
Hey there!
Have you created users manually? Or using env variables?
Can you put the commands you execute (changing user/passwords, etc), so I can reproduce it?
Thanks for reporting!
I have only used environment variables.
I start the container using this command:
docker run -h timemachine --name timemachine --restart unless-stopped -d -v /timemachine/:/timemachine -p 549:548 -p 637:636 -e "AFP_LOGIN=timemachine" -e "AFP_PASSWORD=timemachine" -e "AFP_NAME=DockerTimeMachine" -e "AFP_SIZE_LIMIT=500000" odarriba/timemachine
I used to have a container running an earlier version of the Docker image on the same machine where I had manually upgraded the netatalk daemon. I have flushed old passwords from the OSX key chain afterwards in an effort to make sure OSX has not cached any old credentials.
@edit: I turned up logging inside the container, and came across
{uams_dhx2_pam.c:666} (info:UAMS): DHX2: PAM_Error: Authentication failure
. I am currently working from a hypothesis that the PAM config on the host is different from the container. That would explain why I can connect through AFP to shares on the host, but not through time machine.
I have the same problem. OSX can't create a backup because authentication fails. I upgrade the image for a few days using 'docker-compose pull' and 'docker-compose up -d' to recreate the service. The timemachine was working before. The account was created manually with the add-account command.
update: it seems I have to recreate the account after the upgrade...
@fhaefemeier Authentication does not persist after you destroy (or recreate) container. I suggest you write a script that creates users from config file on container start.
Oh, I see this was already mentioned in this commit: 2d35674
Also, you can have an external afp.conf
file and mount it always on your container