SMB / Samba โ
Store backups on Windows network shares or NAS devices via SMB/CIFS protocol.
Overview โ
SMB (Server Message Block) is the standard file sharing protocol in Windows networks. Benefits:
- ๐ฅ๏ธ Native Windows/Active Directory integration
- ๐ Works with NAS devices (Synology, QNAP, TrueNAS)
- ๐ Domain authentication support
- ๐ SMB3 encryption support
Prerequisite
The SMB adapter requires the smbclient CLI tool to be installed on the host system. This is included in the official Docker image. For local development, install it via your package manager (e.g., brew install samba on macOS or apt install smbclient on Debian/Ubuntu).
Configuration โ
| Field | Description | Default |
|---|---|---|
| Name | Friendly name | Required |
| Address | UNC path to share (e.g. //server/share) | Required |
| Username | SMB username | guest |
| Password | SMB password | Optional |
| Domain | Workgroup or domain name | Optional |
| Max Protocol | Maximum SMB protocol version | SMB3 |
| Path Prefix | Subdirectory on the share | Optional |
Setup Examples โ
Windows File Server โ
- Create a shared folder on your Windows server
- Set share permissions (read/write for backup user)
- Configure in DBackup:
- Address:
//fileserver.domain.local/Backups - Username:
DOMAIN\backupuser - Password: Your password
- Domain:
DOMAIN
- Address:
Synology NAS โ
- Enable SMB in Control Panel > File Services > SMB
- Create a shared folder for backups
- Create a user with read/write access
- Configure in DBackup:
- Address:
//synology-ip/BackupShare - Username:
backupuser - Password: Your password
- Address:
QNAP NAS โ
- Enable SMB in Control Panel > Network & File Services > Win/Mac/NFS/WebDAV > Microsoft Networking
- Create a shared folder and set permissions
- Configure in DBackup:
- Address:
//qnap-ip/BackupShare - Username:
backupuser - Password: Your password
- Address:
TrueNAS โ
- Create a dataset for backups
- Create an SMB share pointing to the dataset
- Create a user with appropriate permissions
- Configure in DBackup:
- Address:
//truenas-ip/backups - Username:
backupuser - Password: Your password
- Address:
Samba Server (Linux) โ
- Install Samba:
sudo apt install samba - Create a share in
/etc/samba/smb.conf:
ini
[backups]
path = /srv/backups
valid users = backupuser
read only = no
create mask = 0644
directory mask = 0755- Create Samba user:
sudo smbpasswd -a backupuser - Restart Samba:
sudo systemctl restart smbd - Configure in DBackup:
- Address:
//linux-server-ip/backups - Username:
backupuser - Password: Your Samba password
- Address:
Protocol Version โ
The Max Protocol setting controls the maximum SMB protocol version used:
| Protocol | Description |
|---|---|
| SMB3 | Latest, with encryption support (recommended) |
| SMB2 | Widely compatible, no encryption |
| NT1 | Legacy (SMB1), use only for old devices |
Security
Avoid using NT1 (SMB1) unless absolutely necessary. SMB1 has known security vulnerabilities and is deprecated by Microsoft.
Directory Structure โ
After backups, your share will contain:
//server/share/
โโโ your-prefix/ (if Path Prefix is set)
โ โโโ mysql-daily/
โ โ โโโ backup_2024-01-15T12-00-00.sql.gz
โ โ โโโ backup_2024-01-15T12-00-00.sql.gz.meta.json
โ โ โโโ ...
โ โโโ postgres-weekly/
โ โโโ ...Docker Configuration โ
The official DBackup Docker image includes smbclient out of the box. No additional configuration is needed.
If you're building a custom image, ensure samba-client is installed:
dockerfile
RUN apk add --no-cache samba-clientTroubleshooting โ
Connection Failed โ
NT_STATUS_LOGON_FAILURESolutions:
- Verify username and password are correct
- Check if domain is required (e.g.,
DOMAIN\user) - Ensure the share exists and is accessible
- Verify network connectivity to the server
Access Denied โ
NT_STATUS_ACCESS_DENIEDSolutions:
- Check share permissions for the user
- Verify NTFS/filesystem permissions on the target folder
- Ensure the user has write access
Share Not Found โ
NT_STATUS_BAD_NETWORK_NAMESolutions:
- Verify the share name is correct (case-sensitive on some servers)
- Check if the share is enabled and accessible
- Try using the IP address instead of hostname
Protocol Negotiation Failed โ
NT_STATUS_CONNECTION_DISCONNECTEDSolutions:
- Try lowering Max Protocol to
SMB2 - Check if the server supports the selected protocol version
- Verify firewall allows ports 445 (and optionally 139)
smbclient Not Found โ
smbclient: command not foundSolutions:
- Docker: Use the official DBackup image (includes smbclient)
- Debian/Ubuntu:
sudo apt install smbclient - Alpine:
apk add samba-client - macOS:
brew install samba
Security Best Practices โ
- Use SMB3 โ Provides encryption in transit
- Dedicated backup user โ Create a separate account for backups
- Minimal permissions โ Only grant read/write to the backup folder
- Network segmentation โ Restrict SMB traffic to trusted networks
- Firewall rules โ Limit source IPs that can access the share
- Disable guest access โ Require authentication for the share
- Enable backup encryption โ Use DBackup's encryption profiles for at-rest encryption
Firewall Rules โ
SMB uses TCP port 445 (and optionally 139 for NetBIOS):
bash
# UFW
sudo ufw allow from 10.0.0.0/8 to any port 445
# iptables
iptables -A INPUT -p tcp -s 10.0.0.0/8 --dport 445 -j ACCEPTComparison with Other Destinations โ
| Feature | SMB | SFTP | S3 | Local |
|---|---|---|---|---|
| Setup complexity | Easy | Medium | Easy | Easiest |
| Windows native | โ | โ | โ | โ |
| NAS support | โ | โ | โ | โ |
| Self-hosted | โ | โ | โ | โ |
| Encryption in transit | โ (SMB3) | โ | โ | N/A |
| Domain auth | โ | โ | โ | N/A |
| Scalability | Limited | Limited | High | Limited |