Slightly insecure, due to storing the user password, encrypted, on the client machines. See here:
http://cygwin.com/cygwin-ug-net/ntsec.html - section "Switching the User Context, Method 3"
The idea is to be able to backup all files, including open files ("locked"), by using VSS (Volume Shadow Copy Service).
You will need the files that I've shared here.
http://cygwin.com/cygwin-ug-net/ntsec.html - section "Switching the User Context, Method 3"
The idea is to be able to backup all files, including open files ("locked"), by using VSS (Volume Shadow Copy Service).
You will need the files that I've shared here.
- Add the domain user called "backuppc", using the Computer Management program in Control Panel, Administrative Tools. Make this user administrator of the local machine.
- Download Cygwin 1.7+ from the regular place: http://www.cygwin.com/
- Install the default Cygwin system, plus the following: cygrunsrv, openssh, and rsync
- I also install nano (my editor of choice), and procps (for top)
- Start a cygwin shell and type:
# ssh-host-config -y # cygrunsrv -S sshd # mkpasswd -l -u backuppc -d YOURDOMAIN.COM >> /etc/passwd
- After doing this, check /etc/groups, make sure that the Domain Users group is added. If not, add this line to the end of the file:
Domain Users:S-1-5-21-3835976426-429400520-196227251-513:10513:
- I then attempt to ssh into my backupPC system from cygwin, just a nice test, and creates the .ssh directory for me.
- Copy BackupPC’s public key over, by running this from the SRVR-UBackup server:
# ssh-copy-id backuppc@windows-server-name
- Connect through SSH to the new server, and run this to store an encrypted copy of the user password on the new server:
# passwd -R
- Doing this allows the user to execute administrative operations when logging in using SSH passwordless authentication. Somewhat insecure, but easiest to set up, and should be reasonable in our case.
NOTE: If it fails, try logging into the server with Remote Desktop as BackupPC, then run the Cygwin terminal as Administrator (righ-click). - Install the post-backuppc.sh and pre-backuppc.sh scripts from Windows-vShadow-simplified.zip to the backuppc home directory. Remember to make them executable (chmod +x), and make them owned by BackupPC@yourdomain.com
NOTE: Carefully edit it to match the drives of the new server that you plant to back up. - Install the appropriate vshadow.exe from vshadow-versions.7z in C:\WINDOWS of the new server. Several versions are attached below. Make sure you rename it to vshadow.exe
- Test the process by doing ssh to the new server as user backuppc, and running /home/backuppc/pre-backuppc.sh. You should see shadow drives come up in C:\shadow.
- In the BackupPC configuration for the host, change the following:
- Xfer:
- RsyncClientCmd:
$sshPath -c blowfish -q -x -l backuppc $host $rsyncPath $argList+ - RsyncClientRestoreCmd:
$sshPath -c blowfish -q -x -l backuppc $host $rsyncPath $argList+
- RsyncClientCmd:
- Backup Settings:
- DumpPreUserCmd:
$sshPath -c blowfish -q -x -l backuppc $host /usr/bin/bash -l -c /home/backuppc/pre-backup.sh - DumpPostUserCmd:
$sshPath -c blowfish -q -x -l backuppc $host /usr/bin/bash -l -c /home/backuppc/post-backup.sh
- DumpPreUserCmd:
- Xfer:
Hi, do you still have the files required for this? Link seems to be broken. Thank you very much.
ReplyDeleteSorry, I only saw this very late. I have updated the link. It should work now.
DeleteHi, I saw a little mistake in you excellent tutorial, the files are name pre-backup.sh & post-backup.sh, but you refer to them as pre-backuppc.sh & post-backuppc.sh later (in the backuppc server config) :)
ReplyDeleteThanks. Fixed! :)
DeleteStupid question, but since I'm mostly a Linux/Mac guy I haven't used Windows shadow stuff... Do you specify the backup to run on / or on /shadow/X ? Also, while the script runs mnaually, I don't see that BackupPC is doing it, but I can check on that separately. :)
ReplyDeleteScratch my previous comment... Figured out the pre/post thing. But the question remains, do we still need to do the rsync configuration from your previous method, or what? If not, what to specify for the path? Sorry for the confusion.
ReplyDeleteHi,
DeleteYou backup the /cygdrv/c/shadow/c folder if what you are trying to backup is the whole C: drive. Or whatever subfolder you are aiming for.
The pre-backup script creates a "frozen" version of the whole C: drive (or additional drives) inside the /cygdrv/c/shadow folder.
I don't think you need to look at the older post at all. The Cygwin installation instructions on this post get you what you need.
Let me know how it goes.