We accidentaly noticed, that if we initiate a restore from the client (clicking on restore, in the tray icon menu), the client does not see all backuped directories in the webinterface. If we login as admin, we see all of them. Just some screen shots:
After clicking on restore on the tray icon
After logging in in the web interface as admin:
When right clicking in Windows Explorer on the directory, and choose restore:
Is than an intended behavior or a bug? I really don’t see how we could set up permissions some how differently.
ps. Does urBackup verify which user is logged in, so a user can only restore files/directories it actually got at least read access for? (Would make sense out of security reason, but I’ve got no idea how difficult it is to implement). But even if it does that, that can’t be the reason, since I was logged in as an admin on the windows machine and I’ve definetly got read/write rights for that directory (I’ve tried it out).
Yes, it does. Other than that it could be the metadata of the “Microsoft” folder is missing (this is where the ACLs are stored). There should be errors in the server log if this is the case.
I did a grep on urbackup.log for “acl”, metadata" and for the directory name and I also checked the log of the last incremental and full backup but I couldn’t find any message about ACL/metada or anything else (besides “all metadata stored successfully”) that seems to be related. Also when trying to do the restore, no error message appears in any log.
It shouldn’t be a problem that I’m logged in as a Domain-Admin, and not as a local admin, right? (if that would be a problem i shouldn’t be able to restore anything?).
That could be the problem. I still need to setup a domain dev environment to fix LDAP login. And LDAP login does not work because it only lists local users, not domain users…
Since that Server is the Domain-Controller I can’t login on it as a local admin (or user in general) to test if it has to do with the domain.
But I tried to compare the access rights of those directories (And several other’s I couldn’t read) and noticed, that the one UrBackup tells me that I don’t have access rights to, do have the right for DomainName\Administrators, but not for DomainName\Users (Benutzer on german, but I guess in english it would be called Users).
So I tried to also give access to those directories for the Users Group, did an other backup, and now I could also as admin see those directories in UrBackup.
So in short, the domain user group needs to have access rights on the directories otherwise UrBackup doesn’t let you see those, without actually login in into the webinterface.
Well until that works properly we will log in directly in UrBackup for doing restores.
I found this thread as we searched for a reason why restore does not work. When you try to restore from client, you see a list of all the backup folders by date/time, but when you go into those folders you see only the desktop.ini and Default user folder, nothing else. The actual user folder is not shown, so you can’t restore any data. If you log in as admin via the web, you can go in to the backups and see everything.
Based on this thread, I added the user account with read/execute/list to the root client folder on the server (Windows 2012R2) and we tried again to restore on the client (Windows 7 Ent) logged in to the workstation as the account that has been given permission on the server. No change.
What makes no sense based on the above is that one file and one empty folder show up for restore, but everything else does not. Permissions on all items are identical, so either everything should be listed, or nothing should be listed. It appears there is some other factor at work here that identifies who is trying to restore and if they are allowed to see the data.
The end need is for users (they do not have admin on their machines, we install the software and configure the backup rules, and they do not have user accounts in URBackup) to be able to backup on demand (works) and restore on demand (not working) from the client icon. Can the software do this? At the moment we do have a user account made that matches the domain account the user is logged in with, but this seems pointless as there is no link between URBackup and the domain. Or, is that the issue, and this won’t work until such time as LDAP is implemented, and until then only an admin can restore data?
Yes, I still need to setup that test environment.
Currently it uses
FILTER_NORMAL_ACCOUNT to enumerate the users. This seems to only return local users and not users with domain accounts.
If someone can tell me what to call to get all user account names with have used a computer that would be helpful (and not all accounts in the domain, that would be inefficient…).
Hmm… so if I understand, you’re saying that currently there needs to be a user account on the server who’s name matches the user account on the client machine? That seems odd since they would be two different accounts, but it sounds like you’re just doing a name match somehow?
As for domain accounts, I think the real solution is that your domain query needs to be done with a filter. It’s normal in our experience that we put in an LDAP filter so that only users of a specified group are queried. That way, we put our users for that service in the named group and they are the ones with access. Now, with this backup software each user still needs to only be able to see the backups from their client, so hopefully that’s already in place.
Hope that helps your development for the LDAP portion, not sure if it helps for now without that working? Again I’m not clear what you’re doing for the permission check exactly, I’m used to fully authenticated access to resources through domain accounts.
Could you try if this is fixed with client 2.1.8? It will need a full file backup.
Came across this thread whilst investigating an issue I’m seeing in my test environment.
Running Mac Client 2.2.3 beta and Server 2.2.6 beta - here’s the backup list for a test client:
Here’s the file list, as viewed from the server:
And here’s the file list, as viewed from the client via Access/restore backups:
I’m not using any domain accounts anywhere - just local users, and no users defined on the server.
Ah - sorry. I’ve just found that if I manually browse to
ip-address-of-server:55414, then I can see the file list - just not if I get to the restore interface through the Access/restore backups button on the client.
This still appears to be a problem…using latest server (2.5.23) and latest windows client (2.5.17)
Backups work fine. If I log in to urbackup web console with admin password, I can see all backups for all clients and all folders are accessible for restore.
However, if I use the windows client and “access/restore backups” on windows client I can see the backups were made but if I try to do a restore from a particular backup, many folders are missing that are showing when logged in via administrator.
Specifically, entire user folders are missing. These appear to be user folders for domain users as local users (public etc) are there.
To me this is a serious issue…