Apple Time Machine backups with FreeNAS

So you’ve got a fancy FreeNAS 11.x server and a macOS computer but you aren’t quite sure how to get Time Machine backups configured? Well then you’ve come to the right place!

While FreeNAS is an absolutely incredible open source project the lack of comprehensive documentation and a litany of antiquated tutorials can make getting things properly setup rather confusing even for experienced users. But fear not, it only takes a few minutes to implement and boils down to:

1. Creating a dedicated user
2. Allocating an isolated dataset on your existing storage pool
3. Configuring permissions
4. Exposing an AFP network share
5. Configuring Time Machine to use the new share
6. Dying from old age waiting for the initial synchronization
7. Profit?

Jumping right in…

1. Open your management dashboard, find the “Accounts” option on the left then “Users” under that. Click “ADD” in the top right. Populate the full name (Apple Time Machine), username (time_machine) and password fields then click “SAVE” leaving the other options as default.
2. Under the “Storage” heading on the left navigate to “Pools”. Click the three vertical dots next to an existing storage pool you’d like to use and select “Add Dataset”. Give it a descriptive name (time-machine), then counter-intuitively specify “Unix” as the “Share Type” and set “Enable Atime” to “on”. The “Case Sensitivity” option should be set to “Insensitive” assuming a standard macOS install. To verify, open “Disk Utility” from Spotlight on your Mac and click the “Info” button in the top right for each drive including any external drives you’ll be backing up and look for the “Is case-sensitive” field for each. If on the off chance any of your drives indicate “yes” select “Sensitive” instead. But now we arrive to a fork in the road. Should you opt to encrypt your backup, which is highly recommended, for both “Compression level” and “ZFS Deduplication” select “off”. If however you like to live life dangerously and would rather save some storage space use “lz4” for the “Compression level” and “on” for “ZFS Deduplication”. Be sure to “SAVE”.
3. From the same “Pools” menu expand the list of datasets under the storage pool you selected and find the three vertical dots next to the time machine dataset (time-machine) you just created in step 2 and pick “Edit Permissions”. Leave the “Path” as default, pick “Unix” for “ACL Type” then for both “User” and “Group” select the username (time_machine) you created in step 1. Be sure that “Apply User”, “Apply Group”, “Apply Mode” and “Apply permissions recursively” are all checked. For the “Mode” options, you want everything in the “Owner” and “Group” columns checked while everything under “Other” should be unchecked. “SAVE” again.
4. From the sidebar under “Sharing” select “Apple (AFP) Shares” then “ADD” in the top right. Select “Advanced Mode” then click the folder icon under “Path”, expand the folder directory and select the dataset (time-machine) you created earlier in step 2. Give it a “Name” without any spaces (time-machine) then check the box next to the “Time Machine” option as well as “AFP3 Unix Privs”. Leave “Use as home share”, “Zero Device Numbers” and “No Stat” unchecked. For “Read/Write Access” type in the username (time_machine) you created in step 1. For both the “Default file permissions” and “Default directory permissions” you once again want everything under the “Owner” and “Group” columns checked while everything under “Other” should be unchecked. Leave all remaining fields blank. When you click “SAVE” you’ll see a popup prompting you to enable the AFP service, be sure to comply.
5. On your Mac(s) navigate to “System Preferences” then “Time Machine”. Choose “Select Disk…” and under “Available Disks” you should see the name of the network share (time-machine) you created in step 4. Based on your decision in step 2, check or uncheck “Encrypt backups” before clicking “Use Disk”. You’ll get a prompt for a “Name” (time_machine) and “Password” which should match the user information you created in step 1. If you opted to encrypt the backup you’ll see a prompt for a “Backup Password” which should be at minimum 18 characters long to prevent casual brute force attempts.
6. Now hurry up and wait. Ideally have your device(s) hooked up via gigabit ethernet rather than wireless and temporarily disable sleep mode. Even on a beefy latest generation Mac with a solid state drive the initial backup can take anywhere between 12 and 48 hours. No your FreeNAS server isn’t slow and your Mac didn’t freeze on “Preparing backup…”, Time Machine just operates on glacial time scales because…reasons? Mercifully subsequent incremental backups are relatively quick even over Wi-Fi.

Congratulations, you’ve got an infinitely scalable home backup solution! If you’re feeling spicy future improvements you may want to consider include a VPN server so you can access your backups remotely as well as mirroring your entire FreeNAS storage pool to a remote location to protect against geographic threat vectors such as theft, mother nature, fires or what have you. Perhaps a topic for a future article. :)