Endy's Blogomat


How to use Time Machine with a network share

There is quite a lot of useful information out there on how to use a network share as a destination for Time Machine. However, I would like to add my own howto, which also includes encryption of the image.

I have used this setup for a while now at home and at work. At work we use an x86 Solaris box with Samba and ZFS (at home I use Linux and Samba on ext3). If a user connects to a share, a snapshot is automatically taken – if something goes wrong with a backup we can roll back. This works absolutely flawlessly. So we have a network-based backup for Time Machine with encryption.

Enter the following on the command-line (start Terminal):

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
  • Now mount the image share via Finder
  • Next open a terminal and enter the directory where you mounted the share (e.g. /Volumes/image)
  • Now open Time Machine Preferences and select the network share
  • Issue ls -la until you see a file with the ending sparsebundle and copy the name.
  • Open Time Machine Preferences and under Change Disk select None.
  • Ensure that no sparsebundle exists in the mount directory any more and delete the file .<your mac address> – you need to execute chmod +w in order to delete that file
  • Now open Disk Utility from the Utilities folder under Applications
  • Select New Image, then paste the sparsebundle filename – remove .tmp inside the filename
  • Set the properties to these values:

[Image: diskutil]

  • Encryption: select encryption – you need to provide a password and check the "Store password in keychain" box!
  • Create the image on your desktop – don't worry, it won't be that big since it is growable 🙂
  • Unmount the newly created sparsebundle
  • Encryption: open Keychain Access, locate the key for the sparsebundle under Login and copy it into the System keychain
  • Now copy this file to your image share
  • Open Time Machine Preferences and click Change Disk
  • again select the image share
  • enjoy

SMTP TLS trouble with cisco 851w

For weeks I have been experiencing a very strange problem with SMTP and TLS. My Postfix mail server allows TLS-encrypted connections – unfortunately this does not seem to work as soon as I'm at home – at work everything is fine. Today I found some time to investigate. I tested the TLS SMTP connection using openssl from various systems I have access to by issuing:


openssl  s_client -starttls smtp -host my.mail.server -port 25

Only from my home LAN I got the following error:


root@linkstation:/home/nd# openssl  s_client -starttls smtp -host my.mail.server -port 25
CONNECTED(00000003)
2933:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO: unknown protocol:s23_clnt.c:567:

Now I began to suspect my Cisco 851w router, and I was right! The router logged:


179041: Jan 13 14:51:15.969 CET: %FW-3-SMTP_INVALID_COMMAND: Invalid SMTP command (STARTTLS\r\n)(total 10 chars) from initiator (192.168.1.100:47797)

After searching the net I found out that this is also a known problem on Cisco PIX firewalls. I disabled SMTP inspection using:


c851w-nd(config)#no ip inspect name DEFAULT100 smtp

Now the SSL handshake is successful. It looks like the deep inspection inside Cisco IOS does not know about TLS. BTW: my Cisco runs IOS version 12.3(8r)YI2.
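
An added example, not part of the original post: a small Python parser for the router message quoted above that counts, per internal client, how often SMTP inspection rejected STARTTLS. The sample log lines are constructed, and the decoding assumes the router writes CR and LF as the escapes \r and \n, which fits the "total 10 chars" in the quoted message.

```python
import re
from collections import Counter

# Constructed sample: the first line follows the router message quoted in the
# post; the other lines are invented for this example.
SAMPLE_LOG = r"""179041: Jan 13 14:51:15.969 CET: %FW-3-SMTP_INVALID_COMMAND: Invalid SMTP command (STARTTLS\r\n)(total 10 chars) from initiator (192.168.1.100:47797)
179042: Jan 13 14:52:03.101 CET: %FW-3-SMTP_INVALID_COMMAND: Invalid SMTP command (starttls\r\n)(total 10 chars) from initiator (192.168.1.100:47802)
179050: Jan 13 15:02:44.310 CET: %FW-3-SMTP_INVALID_COMMAND: Invalid SMTP command (XFOO bar\r\n)(total 10 chars) from initiator (192.168.1.23:51234)
179051: Jan 13 15:03:00.000 CET: %SYS-5-CONFIG_I: Configured from console by vty0
"""

EVENT_RE = re.compile(
    r"%FW-3-SMTP_INVALID_COMMAND: Invalid SMTP command\s*"
    r"\((?P<raw>.*)\)\(total (?P<total>\d+) chars\) "
    r"from initiator \((?P<ip>\d+(?:\.\d+){3}):(?P<port>\d+)\)"
)


def parse_events(log_text):
    """Yield one dict per SMTP_INVALID_COMMAND line; other lines are skipped."""
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        # Assumption: CR and LF appear as the two-character escapes \r and \n.
        command = m["raw"].replace("\\r", "\r").replace("\\n", "\n")
        words = command.split()
        yield {
            "initiator": m["ip"],
            "port": int(m["port"]),
            "verb": words[0].upper() if words else "",
            # False: the logged text does not match the stated length,
            # e.g. the line was truncated or mangled on its way to the log.
            "length_ok": len(command) == int(m["total"]),
        }


def starttls_blocked(log_text):
    """Count rejected STARTTLS attempts per internal client address."""
    return Counter(e["initiator"] for e in parse_events(log_text)
                   if e["verb"] == "STARTTLS")


if __name__ == "__main__":
    for host, hits in starttls_blocked(SAMPLE_LOG).items():
        print(f"{host}: STARTTLS rejected {hits}x by SMTP inspection")
```

Any client listed here is having its TLS upgrade blocked by the inspection rule, so its SMTP sessions either fail or stay unencrypted.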