The Drive, No More (Parody)
Once within a server dreary, while I pondered, weak and weary,
Over backups, logs, and folders I had trusted long before,
Came a clicking, faintly tapping, like some tiny demon rapping,
Rapping from the drive bay’s darkness, whispering of things in store.
“’Tis a cable,” then I muttered, “loose behind the chassis door.”
Only this, and nothing more.
Yet the volume mounted never, though I begged with grim endeavor,
Though I ran the sacred commands I had often run before.fsck cried out in broken meter, SMART grew colder, death grew sweeter,
Every sector turned a traitor, every block a bolted door.
Then the kernel, pale and mocking, carved my doom into its lore:
“Unknown error. Read no more.”
Deep into that disk I glowered, as the midnight slowly soured,
Dreaming dreams of lost directories vanished from the spinning core.
Photos, scripts, and ancient writing, tax returns and memes delighting,
All entombed in silent platters I may nevermore restore.
Then my soul cried, “Can I save them?”
Quoth the syslog: “Nevermore.”
With Apologies to the ghost of Edgar Allan Poe.
Adding UPS Monitoring to a Linux Home Lab Server with NUT
I recently added a managed UPS to a Linux server in my lab and wanted the server to do more than just sit on battery backup. I wanted the server to detect the UPS, monitor the battery status, send email alerts, provide a web status page, and shut down cleanly if power was out for too long.
The UPS I used was a CyberPower CP1500PFCLCD PFC Sinewave UPS Battery Backup and Surge Protector, 1500VA/1000W, 12 Outlets, AVR, Mini Tower, UL Certified
Amazon product page:
https://www.amazon.com/CyberPower-CP1500PFCLCD-Sinewave-Outlets-Mini-Tower/dp/B00429N19W
This post walks through the setup in a lab environment using Linux, Network UPS Tools, systemd, Nginx, and a simple notification script.
Lab Environment
The lab server used for this setup was running:
Linux distribution: LMDE 7 “Gigi”
Base: Debian 13 “Trixie”
UPS: CyberPower CP1500PFCLCD
UPS connection: USB cable
UPS software: Network UPS Tools, also known as NUT
Web server: Nginx
Mail relay: Local sendmail-compatible relay
The examples below use sanitized names and addresses:
UPS name: lab-ups
Server IP: 192.168.1.5
Alert email: admin@example.com
Status page: http://192.168.1.5/status/ups/
Substitute your own values where needed.
What I Wanted the UPS Setup to Do
The goal was not just battery backup. I wanted useful management:
- Detect the UPS over USB
- Monitor line power, battery charge, runtime, and load
- Send an email when power events happen
- Wait before shutting down, in case power comes back quickly
- Shut down cleanly if power stays out too long
- Provide a web-based UPS status page
- Start automatically after reboot
The final behavior looked like this:
- Power goes out:
- Start a 5-minute warning timer.
- Start a 30-minute shutdown timer.
- After 5 minutes on battery:
- Send an email warning.
- After 30 minutes on battery:
- Send a shutdown warning.
- Start clean shutdown.
- If power comes back:
- Cancel the timers.
- Send a recovery email.
- If the UPS reaches low battery:
- Shut down immediately.
Step 1: Plug in the UPS USB Cable
First, I connected the UPS to the Linux server using the USB cable that came with the UPS.
Then I checked whether Linux could see it:
lsusb
The UPS appeared as a CyberPower USB device. Example:
Cyber Power System, Inc. CP1500PFCLCD UPS
I also checked recent kernel messages:
dmesg | tail -n 80
This confirmed that the server saw the USB device.
Step 2: Install Network UPS Tools
Network UPS Tools, or NUT, is the standard Linux toolset for monitoring UPS units.
Install it:
apt update
apt install -y nut nut-client nut-server
Then scan for USB UPS devices:
nut-scanner -U
The scan should return something similar to this:
[nutdev1]
driver = "usbhid-ups"
port = "auto"
vendorid = "0764"
productid = "0601"
product = "CP1500PFCLCDa"
vendor = "CPS"
The important line is:
driver = "usbhid-ups"
That is the driver used for many USB HID-compatible UPS units.
Step 3: Configure the UPS
Edit `/etc/nut/ups.conf`:
cp /etc/nut/ups.conf /etc/nut/ups.conf.bak.$(date +%Y%m%d-%H%M%S)
cat > /etc/nut/ups.conf <<'EOF'
[lab-ups]
driver = usbhid-ups
port = auto
vendorid = 0764
productid = 0601
desc = "CyberPower CP1500PFCLCD UPS"
EOF
This defines the UPS as `lab-ups`.
Step 4: Set NUT to Standalone Mode
For a single server connected directly to one UPS, standalone mode is appropriate.
Configure `/etc/nut/nut.conf`:
cp /etc/nut/nut.conf /etc/nut/nut.conf.bak.$(date +%Y%m%d-%H%M%S)
cat > /etc/nut/nut.conf <<'EOF'
MODE=standalone
EOF
Step 5: Create the NUT Monitor User
NUT uses a local user account so `upsmon` can monitor the UPS through `upsd`.
Configure `/etc/nut/upsd.users`:
cp /etc/nut/upsd.users /etc/nut/upsd.users.bak.$(date +%Y%m%d-%H%M%S) 2>/dev/null || true
cat > /etc/nut/upsd.users <<'EOF'
[monuser]
password = replace-this-with-a-strong-local-password
upsmon master
EOF
chmod 640 /etc/nut/upsd.users
chown root:nut /etc/nut/upsd.users
Use a real password in your own environment.
Step 6: Configure UPS Monitoring
Configure `/etc/nut/upsmon.conf`:
cp /etc/nut/upsmon.conf /etc/nut/upsmon.conf.bak.$(date +%Y%m%d-%H%M%S)
cat > /etc/nut/upsmon.conf <<'EOF'
MONITOR lab-ups@localhost 1 monuser replace-this-with-a-strong-local-password master
MINSUPPLIES 1
SHUTDOWNCMD "/sbin/shutdown -h +0"
POLLFREQ 5
POLLFREQALERT 5
HOSTSYNC 15
DEADTIME 15
POWERDOWNFLAG /etc/killpower
NOTIFYFLAG ONLINE SYSLOG+WALL+EXEC
NOTIFYFLAG ONBATT SYSLOG+WALL+EXEC
NOTIFYFLAG LOWBATT SYSLOG+WALL+EXEC
NOTIFYFLAG FSD SYSLOG+WALL+EXEC
NOTIFYFLAG COMMOK SYSLOG+WALL+EXEC
NOTIFYFLAG COMMBAD SYSLOG+WALL+EXEC
NOTIFYFLAG SHUTDOWN SYSLOG+WALL+EXEC
NOTIFYFLAG REPLBATT SYSLOG+WALL+EXEC
NOTIFYFLAG NOCOMM SYSLOG+WALL+EXEC
NOTIFYCMD /usr/sbin/upssched
EOF
chmod 640 /etc/nut/upsmon.conf
chown root:nut /etc/nut/upsmon.conf
This tells `upsmon` to call `upssched`, which handles timed actions.
Step 7: Fix USB Permissions If Needed
On my setup, the UPS was detected but the driver initially could not open the USB device because of permissions.
The error looked like this:
libusb1: Could not open any HID devices: insufficient permissions on everything
No matching HID UPS found
The fix was to create a udev rule for the CyberPower UPS:
cat > /etc/udev/rules.d/62-cyberpower-ups.rules <<'EOF'
CyberPower CP1500PFCLCD UPS for NUT
SUBSYSTEM=="usb", ATTR{idVendor}=="0764", ATTR{idProduct}=="0601", MODE="0660", GROUP="nut"
SUBSYSTEM=="usb_device", ATTR{idVendor}=="0764", ATTR{idProduct}=="0601", MODE="0660", GROUP="nut"
EOF
udevadm control --reload-rules
udevadm trigger
Then unplug the UPS USB cable, wait a few seconds, and plug it back in.
Check the permissions:
lsusb | grep -i -E 'cyber|power|ups|0764'
for dev in /dev/bus/usb/*/*; do
if udevadm info -q property -n "$dev" 2>/dev/null | grep -q 'ID_VENDOR_ID=0764'; then
echo "===== $dev ====="
ls -l "$dev"
fi
done
The device should be owned by root with group `nut`.
Step 8: Start the NUT Services
On Debian 13, the driver runs as a systemd instance, such as:
nut-driver@lab-ups.service
Start and enable the NUT services:
systemctl daemon-reload
systemctl enable --now nut-driver-enumerator.path
systemctl enable --now nut-driver-enumerator.service
systemctl enable --now nut-server
systemctl enable --now nut-monitor
Check the driver instance:
systemctl list-units 'nut-driver*' --all --no-pager
You should see something like:
nut-driver@lab-ups.service loaded active running
Then check all three main pieces:
systemctl is-active nut-driver@lab-ups.service nut-server nut-monitor
Expected:
active
active
active
Step 9: Query the UPS
Now query the UPS:
upsc lab-ups@localhost
Useful values include:
text
battery.charge
battery.runtime
input.voltage
output.voltage
ups.load
ups.status
Example:
text
battery.charge: 100
battery.runtime: 5525
input.voltage: 120.0
output.voltage: 120.0
ups.load: 7
ups.status: OL
`OL` means the UPS is on utility power.
Common status values:
text
OL On line power
OB On battery
LB Low battery
OL CHRG On line and charging
Step 10: Create an Email Notification Script
I wanted the server to send an email when UPS events happened.
Create `/usr/local/sbin/lab-ups-notify.sh`:
cat > /usr/local/sbin/lab-ups-notify.sh <<'EOF'
!/usr/bin/env bash
TO="admin@example.com"
FROM="Lab Server <server@example.com>"
LOG="/var/log/lab-ups.log"
EVENT="${NOTIFYTYPE:-UNKNOWN}"
MESSAGE="${*:-No message supplied}"
NOW="$(date '+%Y-%m-%d %H:%M:%S %Z')"
HOST="$(hostname -f 2>/dev/null || hostname)"
UPS_STATUS="$(upsc lab-ups@localhost 2>/dev/null || true)"
{
echo "[$NOW] UPS event: $EVENT - $MESSAGE"
} >> "$LOG"
timeout 30 /usr/sbin/sendmail -t <<MAIL
From: ${FROM}
To: ${TO}
Subject: [LAB SERVER] UPS event: ${EVENT}
The lab server received a UPS event.
Time:
${NOW}
Host:
${HOST}
Event:
${EVENT}
Message:
${MESSAGE}
UPS Status:
${UPS_STATUS}
MAIL
exit 0
EOF
chmod 0755 /usr/local/sbin/lab-ups-notify.sh
Test it:
NOTIFYTYPE=TEST /usr/local/sbin/lab-ups-notify.sh "Manual UPS notification test"
If the email arrives, the notification script is working.
Step 11: Configure Timed Shutdown Behavior
I did not want the server to shut down immediately for a short power blink. I wanted it to wait.
The plan was:
- After 5 minutes on battery:
- Send warning email.
- After 30 minutes on battery:
- Start clean shutdown.
- If power comes back:
- Cancel shutdown timers and send recovery email.
- If low battery happens:
- Shut down immediately.
Create the `upssched` command script:
cat > /usr/local/sbin/lab-upssched-cmd.sh <<'EOF'
!/usr/bin/env bash
LOG="/var/log/lab-ups.log"
NOW="$(date '+%Y-%m-%d %H:%M:%S %Z')"
case "$1" in
onbatt-warning)
NOTIFYTYPE=ONBATT-WARNING /usr/local/sbin/lab-ups-notify.sh \
"The lab server has been on UPS battery power for 5 minutes."
echo "[$NOW] upssched: 5-minute on-battery warning sent" >> "$LOG"
;;
onbatt-shutdown)
NOTIFYTYPE=ONBATT-SHUTDOWN /usr/local/sbin/lab-ups-notify.sh \
"The lab server has been on UPS battery power for 30 minutes. Starting clean shutdown."
echo "[$NOW] upssched: 30-minute on-battery shutdown triggered" >> "$LOG"
/sbin/upsmon -c fsd
;;
online-recovery)
NOTIFYTYPE=ONLINE-RECOVERY /usr/local/sbin/lab-ups-notify.sh \
"Power has been restored. The lab server is back on utility power. UPS shutdown timers have been cancelled."
echo "[$NOW] upssched: online recovery email sent; shutdown timers cancelled" >> "$LOG"
;;
*)
echo "[$NOW] upssched: unknown command: $1" >> "$LOG"
;;
esac
EOF
chmod 0755 /usr/local/sbin/lab-upssched-cmd.sh
Then configure `/etc/nut/upssched.conf`:
cp /etc/nut/upssched.conf /etc/nut/upssched.conf.bak.$(date +%Y%m%d-%H%M%S) 2>/dev/null || true
cat > /etc/nut/upssched.conf <<'EOF'
CMDSCRIPT /usr/local/sbin/lab-upssched-cmd.sh
PIPEFN /run/nut/upssched.pipe
LOCKFN /run/nut/upssched.lock
AT ONBATT * START-TIMER onbatt-warning 300
AT ONBATT * START-TIMER onbatt-shutdown 1800
AT ONLINE * CANCEL-TIMER onbatt-warning
AT ONLINE * CANCEL-TIMER onbatt-shutdown
AT ONLINE * EXECUTE online-recovery
AT LOWBATT * EXECUTE onbatt-shutdown
EOF
chmod 640 /etc/nut/upssched.conf
chown root:nut /etc/nut/upssched.conf
Restart the monitor:
systemctl restart nut-monitor
Verify:
systemctl status nut-monitor --no-pager
Step 12: Install the NUT CGI Web Status Page
I also wanted a simple web page to show UPS status.
Install the packages:
apt update
apt install -y nut-cgi fcgiwrap
Find the CGI files:
dpkg -L nut-cgi | grep -E 'cgi|upsstats|upsset|hosts'
On Debian, the CGI files are usually here:
/usr/lib/cgi-bin/nut/upsstats.cgi
/usr/lib/cgi-bin/nut/upsimage.cgi
/usr/lib/cgi-bin/nut/upsset.cgi
Configure `/etc/nut/hosts.conf`:
cp /etc/nut/hosts.conf /etc/nut/hosts.conf.bak.$(date +%Y%m%d-%H%M%S)
cat > /etc/nut/hosts.conf <<'EOF'
MONITOR lab-ups@localhost "Lab UPS"
EOF
Start `fcgiwrap`:
systemctl enable --now fcgiwrap.socket
systemctl status fcgiwrap.socket --no-pager
Step 13: Add an Nginx Location for the UPS Page
In my lab, I exposed the UPS page as a subpage of the server’s local status site:
http://192.168.1.5/status/ups/
The Nginx block looked like this:
location = /status/ups {
return 301 /status/ups/;
}
location /status/ups/ {
include fastcgi_params;
fastcgi_pass unix:/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/nut/upsstats.cgi;
fastcgi_param SCRIPT_NAME /status/ups/;
fastcgi_param PATH_INFO "";
fastcgi_param QUERY_STRING $query_string;
add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
}
location = /status/ups/upsimage.cgi {
include fastcgi_params;
fastcgi_pass unix:/run/fcgiwrap.socket;
fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/nut/upsimage.cgi;
fastcgi_param SCRIPT_NAME /status/ups/upsimage.cgi;
fastcgi_param QUERY_STRING $query_string;
add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0";
}
Test Nginx:
nginx -t
systemctl reload nginx
Then test the page:
curl -I http://192.168.1.5/status/ups/
The detailed UPS page was available at:
http://192.168.1.5/status/ups/?host=lab-ups@localhost
Step 14: Final Verification Commands
Here are the main commands I use to check the UPS setup:
systemctl is-active nut-driver@lab-ups.service nut-server nut-monitor
upsc lab-ups@localhost | grep -E 'ups.status|battery.charge|battery.runtime|ups.load|input.voltage|output.voltage'
systemctl list-units 'nut-driver*' --all --no-pager
tail -n 50 /var/log/lab-ups.log
Expected UPS status on normal wall power:
ups.status: OL
Final Result
After setup, the server had:
- UPS detected over USB
- NUT driver running
- NUT server running
- NUT monitor running
- Email alerts working
- Timed shutdown behavior configured
- Recovery email when power returns
- Web status page available on the LAN
- Automatic startup after reboot
At the current low load in my lab, the UPS reported roughly 90 minutes of runtime. I chose not to run the server all the way down. Instead, the system waits 30 minutes on battery, then shuts down cleanly unless power returns first.
That gives short outages a chance to clear while still protecting the server, filesystems, and running services from an uncontrolled power loss.
Closing Thoughts
A UPS is useful by itself, but it becomes much more useful when the server can talk to it. With a USB cable and Network UPS Tools, a Linux server can monitor power status, send alerts, display a web status page, and shut itself down cleanly.
For a home lab or small server rack, this is one of those upgrades that is worth doing before the next power outage.
Managing a Cisco Catalyst Switch from a Linux Server Using a USB-to-RJ45 Console Cable
I recently connected a Linux server in my lab directly to a Cisco Catalyst switch using a USB-to-RJ45 Cisco console cable. The goal was simple: manage the switch from the Linux command line without needing a separate laptop, USB serial adapter, or Windows terminal program.
This is a practical lab setup for anyone who works with older Cisco switches, home lab racks, or small network environments. Once the cable is connected, the Linux server can act as a permanent console workstation for the switch.
Lab Hardware and Software Used
For this lab, I used the following equipment:
Linux server
Linux distribution: LMDE 7 “Gigi”
Base: Debian 13 “Trixie”
Cisco switch
Model: Cisco Catalyst WS-C2960G-8TC-L
Console cable
Cable Matters USB-to-RJ45 Cisco console cable
FTDI-based USB serial chipset
Length: 6 feet
The specific cable used was sold as a Cable Matters USB-to-RJ45 Console Cable compatible with Cisco console cables / rollover cords, and purchased from Amazon: https://www.amazon.com/dp/B078PVJ5ZQ
This kind of cable is not an Ethernet cable. The RJ45 end plugs into the console port on the Cisco switch, not into a regular Ethernet switch port.
What the Cable Does
A Cisco console connection is a serial connection. Many Cisco switches use an RJ45-style console port, but electrically it is not Ethernet.
The USB-to-RJ45 console cable includes a USB-to-serial adapter in the cable assembly. In this lab, Linux detected the USB-to-serial chipset as an FTDI device. Once detected, the system created a serial console device that could be used to connect to the Cisco switch.
Physical Connection
The connection is straightforward:
Linux server USB port
|
| USB-to-RJ45 Cisco console cable
|
Cisco Catalyst console port
The RJ45 end must go into the console port on the Cisco switch. Do not plug it into a normal Ethernet data port.
Step 1: Confirm Linux Sees the USB Serial Adapter
After plugging in the USB side of the console cable, I checked whether Linux detected the USB serial chipset:
lsusb | grep -i -E 'ftdi|serial|cable|0403'
Example output:
Bus 005 Device 002: ID 0403:6001 Future Technology Devices International,
Ltd FT232 Serial (UART) IC
Then I checked the kernel log:
dmesg | grep -i -E 'ttyUSB|ftdi|usb serial' | tail -n 30
The important line was:
FTDI USB Serial Device converter now attached to ttyUSB0
That means Linux created a serial device at:
/dev/ttyUSB0
Linux also created a stable device path:
ls -l /dev/ttyUSB* /dev/serial/by-id/* 2>/dev/null
Example output:
/dev/serial/by-id/usb-FTDI_FT232R_USB_UART_AH6SK75M-if00-port0 -> ../../ttyUSB0
/dev/ttyUSB0
I prefer using the /dev/serial/by-id/ path because /dev/ttyUSB0 can change if additional USB serial devices are connected later.
Step 2: Install Serial Console Tools
On the Linux server, I installed screen and minicom:
sudo apt update
sudo apt install -y screen minicom
Either tool can be used. screen is quick and simple. minicom is more purpose-built for serial console work.
Step 3: Connect with screen
Most Cisco Catalyst console ports use 9600 baud.
To connect using screen:
screen /dev/serial/by-id/usb-FTDI_FT232R_USB_UART_AH6SK75M-if00-port0 9600
After the session opens, press Enter once or twice. The Cisco prompt should appear:
Switch>
To enter privileged EXEC mode:
enable
The prompt should change to:
Switch#
At that point, the Linux server is connected to the Cisco switch console.
Step 4: Disable Output Paging
Cisco IOS often pauses long output with --More--. For lab documentation and troubleshooting, I usually disable paging for the current session:
terminal length 0
This does not permanently change the switch. It only affects the current console session.
Step 5: Run Basic Discovery Commands
Useful commands for identifying and documenting the switch include:
show version
show inventory
show running-config
show startup-config
show ip interface brief
show interfaces status
show vlan brief
show logging
In this lab, the switch was identified as:
Model: Cisco Catalyst WS-C2960G-8TC-L
IOS image: c2960-lanbasek9-mz.122-55.SE5.bin
Processor: PowerPC405
Memory: 65536K bytes
Management interface: Vlan1
Management IP method: DHCP
The switch had a DHCP-assigned management IP address on VLAN 1.
Step 6: Save Configuration Changes
After changing Cisco IOS configuration, save the running configuration to startup configuration:
write memory
or:
copy running-config startup-config
If prompted for the destination filename, press Enter to accept the default.
Step 7: Disconnect Properly from screen
Do not just close the terminal window. To cleanly disconnect from screen:
Ctrl-A
K
y
That means:
Press
Ctrl-A.Press
K.Press
yto confirm.
This exits the screen session and releases the serial device.
Step 8: Connect with Minicom
Minicom is another good option for Cisco console access.
To connect:
minicom -D /dev/serial/by-id/usb-FTDI_FT232R_USB_UART_AH6SK75M-if00-port0 -b 9600
If the screen appears blank, press Enter once or twice.
To exit Minicom:
Ctrl-A
X
Then confirm that you want to leave Minicom.
Step 9: Log the Entire Cisco Console Session to a File
For documentation, I like logging the whole Cisco console session to a file. This creates a record of the commands run and the output returned by the switch.
Create a log directory:
mkdir -p /root/cisco-logs
Start screen with logging enabled:
screen -L -Logfile /root/cisco-logs/catalyst-2960-$(date +%Y%m%d-%H%M%S).log \
/dev/serial/by-id/usb-FTDI_FT232R_USB_UART_AH6SK75M-if00-port0 9600
Inside the Cisco session, run the commands you want to capture:
terminal length 0
show version
show inventory
show running-config
show interfaces status
show vlan brief
show ip interface brief
When finished, exit screen:
Ctrl-A
K
y
Then review the log file:
ls -lt /root/cisco-logs/
less /root/cisco-logs/catalyst-2960-*.log
This is one of the easiest ways to collect clean documentation from a Cisco switch in a lab.
Step 10: Disable Old Web Management If Needed
Older Cisco Catalyst switches may have the built-in HTTP or HTTPS management server enabled. If you browse to the switch management IP and get a username/password prompt, that may be the switch’s internal web interface.
For an older lab switch, I prefer disabling web management unless I specifically need it:
configure terminal
no ip http server
no ip http secure-server
end
write memory
Verify:
show running-config | include ip http
Expected output:
no ip http server
no ip http secure-server
For a lab switch, console access is often enough. If remote management is needed later, configure SSH, a local admin user, an enable secret, and management access restrictions.
Troubleshooting
If Linux does not show the serial device, check:
lsusb
dmesg | grep -i -E 'ttyUSB|ftdi|usb serial'
ls -l /dev/ttyUSB* /dev/serial/by-id/* 2>/dev/null
If another program is using the serial port:
fuser -v /dev/ttyUSB0
If the screen is blank:
Press Enter.
Confirm the RJ45 connector is plugged into the console port.
Confirm the baud rate is 9600.
Try minicom if screen behaves oddly.
If the characters are garbled, the serial settings are probably wrong. Most Cisco Catalyst console ports use:
9600 baud
8 data bits
No parity
1 stop bit
No flow control
Final Thoughts
Connecting a Linux server to a Cisco Catalyst switch with a USB-to-RJ45 console cable is a simple and useful lab setup. It lets the Linux server act as a dedicated console workstation for the switch. It also makes it easy to capture switch configuration, check port status, save logs, and perform recovery work without dragging out another machine.
For a home lab, small rack, or learning environment, this is a practical and inexpensive way to manage older Cisco gear from the Linux command line.
82nd Anniversary of D-Day
Eighty-two years ago today, freedom stood on the edge of extinction, and Allied forces stormed into hell to help save the world. We will never forget the courage, the sacrifice, and the blood spilled on that fateful day.
Why Many Churches Object to Freemasonry: A Historical and Theological Overview
Freemasonry has long presented itself as a moral, fraternal, and charitable organization rather than a church or religion. Many Masons sincerely understand it that way. The United Grand Lodge of England, for example, describes Freemasonry as non-religious and non-political, while still requiring members to affirm belief in a “Supreme Being” (United Grand Lodge of England, n.d.). The Grand Lodge of Ohio similarly states that Freemasonry is not a religion or a substitute for religion, even though its ceremonies include religious or spiritual elements (Grand Lodge of Ohio, n.d.).
That distinction is exactly where many churches see the problem. The historic Christian objections are usually not aimed at Freemasonry’s charitable work, civic friendship, or moral instruction. They are aimed at the religious ambiguity built into Masonic practice: prayer, ritual, oaths, sacred symbols, moral teaching, and references to God that are intentionally broad enough to include Christians, Jews, Muslims, deists, and others. Many churches argue that this “generic” religious framework competes with, obscures, or contradicts central Christian claims about God, Christ, salvation, and Christian witness.
The Catholic Church: The Longest Formal Opposition
The Roman Catholic Church has consistently and formally opposed Freemasonry. Catholic opposition dates back to Pope Clement XII’s 1738 condemnation of Masonic membership. Later Catholic teaching continued to treat Freemasonry as incompatible with Catholic doctrine, especially because of its secrecy, religious indifferentism, naturalistic moral philosophy, and historical conflict with church authority.
In 1983, the Congregation for the Doctrine of the Faith clarified that the Catholic Church’s negative judgment had not changed even though the revised Code of Canon Law no longer named Freemasonry directly. The declaration stated that Masonic principles had “always been considered irreconcilable with the doctrine of the Church,” that Catholic membership remained forbidden, and that Catholics enrolled in Masonic associations were in grave sin and could not receive Holy Communion (Congregation for the Doctrine of the Faith, 1983). A 2023 Vatican note reaffirmed the same position, again stating that active Catholic membership in Freemasonry is forbidden because of the irreconcilability between Catholic doctrine and Freemasonry (Dicastery for the Doctrine of the Faith, 2023).
The Catholic concern is not limited to whether a local lodge is hostile to Christianity. A Vatican reflection published after the 1983 declaration emphasized that the problem is doctrinal and philosophical, not merely practical. In other words, even if a lodge is friendly toward Christians, the Catholic objection remains because Freemasonry’s principles are viewed as religiously and morally incompatible with Catholic faith (Congregation for the Doctrine of the Faith, 1985).
The “Supreme Being” Problem
One of the most common Christian objections is Freemasonry’s use of broad language for God. Freemasonry generally requires belief in a Supreme Being, but it does not require belief in the Triune God of Christianity. Its defenders see this as religious tolerance. Many churches see it as theological reduction.
For orthodox Christians, God is not merely a generic Creator or moral overseer. God is Father, Son, and Holy Spirit, and Jesus Christ is not optional to Christian worship. Churches that object to Freemasonry argue that prayers or rituals addressed to a religiously neutral “Supreme Being” can blur the difference between Christian worship and generalized theism. This is why some churches describe Freemasonry as religiously syncretistic or religiously indifferent. It gathers men of different religions around shared religious symbols while avoiding the doctrinal claims that distinguish those religions.
This does not necessarily mean Freemasonry claims to be a church. The issue is subtler. Many churches argue that Freemasonry functions religiously even while denying that it is a religion.
Salvation, Moralism, and Good Works
Another frequent objection is that Masonic language about moral improvement, purity of life, light, and the “celestial lodge” can sound like a works-based path to eternal reward. Historic Christianity teaches that salvation is by God’s grace through faith in Jesus Christ, not by moral achievement, fraternity, ritual progress, or good works.
The Southern Baptist Convention’s 1993 report took a nuanced position. It acknowledged that some Masonic teachings, such as honesty, integrity, industry, and character, can be compatible with Christian practice. However, the report also identified several Masonic teachings that many Southern Baptists considered incompatible with Christianity, including the implication that salvation may be attained through good works and the presence of universalistic themes in some Masonic writings (Southern Baptist Convention, 1993). The SBC ultimately left Masonic membership as a matter of personal conscience, but urged Southern Baptists to evaluate Freemasonry carefully in light of Christ, Scripture, and the report’s findings.
The Methodist Church of Great Britain reached a similarly cautious but not absolute conclusion. Its 1996 report did not declare that Freemasons were automatically disqualified from Methodist membership or office. However, it warned that unresolved doctrinal issues remained, including the nature of God, salvation, prayer, religion, and ritual. It also warned that a strong emphasis on doing good could lead men to believe that moral conduct is all their Creator requires of them (Methodist Church, 1996).
The Lutheran Church Missouri Synod took a stronger position. Its pastoral guidance states that LCMS members should not belong to organizations whose rituals teach salvation by works, invoke a generic Supreme Being, and omit reference to the person and work of God’s Son (Lutheran Church Missouri Synod, 2008). The Wisconsin Evangelical Lutheran Synod similarly rejects participation in organizations with religious features that conflict with the Christian faith, identifying Freemasonry as one such lodge (Wisconsin Evangelical Lutheran Synod, 2019).
Oaths, Secrecy, and Christian Witness
Many churches also object to Masonic oaths and secrecy. The concern is not merely that a private organization has internal customs. Churches object when secrecy is joined to religious ritual, solemn obligations, symbolic penalties, and duties that may appear to compete with a Christian’s public loyalty to Christ and the church.
The Methodist Church’s 1996 report specifically expressed concern about the “secrecy culture” surrounding Freemasonry, even while recognizing that some changes had been made in recent years (Methodist Church, 1996). The Orthodox Church in America’s clergy guidelines instruct priests to speak privately and pastorally with a Freemason in their flock and to show the incompatibility of Orthodoxy with Freemasonry (Orthodox Church in America, 2023). At funerals, the same guidelines direct clergy not to allow words or symbols other than those of the Orthodox faith into the church or funeral home.
To many Christian critics, this secrecy creates a discipleship problem. Christianity is a public confession centered on Christ. Masonic obligations, signs, symbols, and private ritual can appear to place a second set of binding commitments alongside the commitments of baptism, church membership, and Christian obedience.
The Omission of Jesus Christ
A major objection among conservative Protestant critics is that Masonic prayers and ceremonies often avoid the name of Jesus Christ so that non-Christian members are not excluded or offended. Freemasonry sees this as inclusivity. Critics see it as a denial of Christian witness.
The Orthodox Presbyterian Church’s 1942 report argued that the omission of Christ from prayers and biblical material was a serious theological problem. The report concluded that Masonry was religious in character and therefore anti-Christian, while also acknowledging that sincere Christians might be Masons because they were uninformed or misinformed about the lodge’s religious character (Orthodox Presbyterian Church, 1942). Later OPC guidance stated that the denomination stands firmly against membership in the Masonic Lodge, though it does not maintain a constitutional bar against every Freemason being a church member (Orthodox Presbyterian Church, 2008).
The concern is simple: Christians are commanded to confess Christ. If a Christian joins in ritual prayer where the name and saving work of Christ must be intentionally omitted, many churches see that as a compromised witness.
Eastern Orthodox Concerns
Eastern Orthodox objections often overlap with Catholic and Protestant concerns but are expressed through Orthodox categories of worship, mystery, and ecclesial identity. The Church of Greece formally condemned Freemasonry in 1933, describing it not merely as a philanthropic or philosophical society, but as a mystery-like religious system incompatible with Christianity. The Orthodox Church in America’s current clergy guidelines continue to treat Freemasonry as incompatible with Orthodoxy (Orthodox Church in America, 2023).
For Orthodox churches, the issue is not only doctrine in the abstract. It is also liturgical and sacramental. Orthodoxy understands Christian identity as participation in the life, worship, and mysteries of the Church. A parallel system of ritual, symbols, secrecy, and spiritual brotherhood can therefore be seen as a rival religious formation.
Not All Churches Respond the Same Way
It is important to be fair: Christian churches do not all take the same position. Some prohibit Masonic membership. Some strongly discourage it. Some leave it to conscience. Some mainline Protestant bodies have no firm denominational rule against lay membership. Even in denominations with formal objections, local practice may vary.
The SBC is a good example of nuance. Its report identified incompatibilities, but it did not create a universal denominational ban. The Methodist Church likewise raised serious concerns but did not automatically disqualify Freemasons from membership or office. By contrast, the Catholic Church’s position is clearly prohibitive, and some Lutheran, Orthodox, and conservative Presbyterian bodies maintain stronger opposition.
Conclusion
Many churches object to Freemasonry because they believe it creates a religiously ambiguous space where Christian doctrine is diluted. Freemasonry’s defenders say it is not a religion and that its moral teachings help men become better members of their own faiths. Critics respond that Freemasonry still uses religious language, sacred symbols, prayers, ritual obligations, and teachings about moral improvement in ways that resemble religion while avoiding the exclusive claims of Christianity.
Historically, the strongest objections cluster around five issues: the generic “Supreme Being” rather than the Triune God, the risk of works-based moralism, secret oaths and obligations, the omission of Jesus Christ from prayer and ritual, and the appearance of a parallel spiritual brotherhood outside the church.
For Christians evaluating Freemasonry, the real question is not whether Masons do charitable work or whether individual Masons are sincere. Many do, and many are. The deeper question is whether a Christian can participate in Masonic ritual and obligation without compromising the confession that Jesus Christ is Lord, that salvation is by grace, and that Christian worship and witness must remain centered on the Triune God.
References
Congregation for the Doctrine of the Faith. (1983, November 26). Declaration on Masonic associations. The Holy See. https://www.vatican.va/roman_curia/congregations/cfaith/documents/rc_con_cfaith_doc_19831126_declaration-masonic_en.html
Congregation for the Doctrine of the Faith. (1985, February 23). Irreconcilability between Christian faith and Freemasonry: Reflections a year after the declaration of the Congregation for the Doctrine of the Faith. The Holy See. https://www.vatican.va/roman_curia/congregations/cfaith/documents/rc_con_cfaith_doc_19850223_declaration-masonic_articolo_en.html
Dicastery for the Doctrine of the Faith. (2023, November 13). The request of His Excellency, the Most Rev. Julito Cortes, Bishop of Dumaguete, regarding the best pastoral approach to membership in Freemasonry by the Catholic faithful. The Holy See. https://www.vatican.va/roman_curia/congregations/cfaith/documents/rc_ddf_doc_20231113_richiesta-cortes-massoneria_en.html
Grand Lodge of Free & Accepted Masons of Ohio. (n.d.). Is Freemasonry a religion? Freemason.com. https://www.freemason.com/general-faq/freemasonry-religion/
Home Mission Board of the Southern Baptist Convention. (1993). A report on Freemasonry. North American Mission Board. https://www.namb.net/apologetics/wp-content/uploads/sites/4/2016/03/A_Report_on_Freemasonry.pdf
Lutheran Church Missouri Synod, Commission on Theology and Church Relations. (2009). Membership in certain fraternal organizations: A pastoral approach. https://ctsfw.net/media/pdfs/CTCRMembershipinCertainFraternalOrganizationsAPastoralApproach.pdf
Methodist Church. (1996). Freemasonry. https://www.methodist.org.uk/documents/8019/fo-statement-freemasonry-1996_BKj0TuG.pdf
Orthodox Church in America. (2023). Guidelines for clergy. https://www.oca.org/files/PDF/official/2023-OCA-Guidelines-for-Clergy.pdf
Orthodox Presbyterian Church. (1942). Christ or the Lodge? A report on Freemasonry. https://opc.org/GA/masonry.html
Orthodox Presbyterian Church. (2008). Freemasonry. https://opc.org/qa.html?question_id=291
United Grand Lodge of England. (n.d.). Frequently asked questions. https://www.ugle.org.uk/discover-freemasonry/frequently-asked-questions
Wisconsin Evangelical Lutheran Synod. (2019, September 23). Freemasonry and the Bible. https://wels.net/faq/freemasonry-and-the-bible/
Wisconsin Evangelical Lutheran Synod. (2020, September 22). Freemasonry. https://wels.net/faq/freemasonry/
Follow-Up: Does the Linux Time Machine SMB Setup Change on Linux Mint 22?
In the previous article, I covered why Apple is moving away from Apple Filing Protocol (AFP) and how to configure a Linux Mint server as a Time Machine backup target using Samba and SMB. A natural follow-up question is whether the process works differently on Linux Mint 22 compared with Linux Mint 21.3.
The short answer is: not very much. The same general Samba, SMB, Avahi, and vfs_fruit configuration works on both Linux Mint 21.3 and Linux Mint 22.x. However, there are a few version-related details worth understanding before you build or upgrade a Linux-based Time Machine server.
Linux Mint 21.3 vs Linux Mint 22.x
Linux Mint 21.3, codenamed Virginia, is part of the Linux Mint 21 series. It is based on the Ubuntu Jammy package base and is supported until April 2027 (Linux Mint, n.d.-a).
Linux Mint 22.x, including Linux Mint 22.3, codenamed Zena, is part of the Linux Mint 22 series. It is based on the Ubuntu Noble package base and is supported until April 2029 (Linux Mint, n.d.-a; Linux Mint, n.d.-b).
For a Time Machine server, this means Linux Mint 22.x gives you a newer long-term support base, a longer support window, and newer packages from the Ubuntu 24.04 LTS family. Linux Mint 21.3 is still usable and supported, but it is closer to the end of its support lifecycle.
Does the Samba Configuration Change?
The basic Samba configuration does not need to change just because you are using Linux Mint 22 instead of Linux Mint 21.3.
The package installation command is the same:
sudo apt update
sudo apt install samba avahi-daemonThe service commands are also the same:
sudo systemctl enable --now smbd
sudo systemctl enable --now avahi-daemonThe same Samba share structure can be used:
[global]
workgroup = WORKGROUP
server role = standalone server
security = user
map to guest = Bad User
min protocol = SMB2
fruit:aapl = yes
fruit:model = TimeCapsule
[TimeMachine]
comment = Time Machine Backups
path = /data/timemachine
browseable = yes
read only = no
valid users = tmbackup
vfs objects = catia fruit streams_xattr
fruit:time machine = yes
fruit:time machine max size = 1TThe important part is not whether the system is Mint 21.3 or Mint 22.x. The important part is that Samba is configured to advertise the share properly for Apple clients. Samba’s vfs_fruit module is the feature that improves compatibility with Apple SMB clients, and the fruit:time machine = yes option tells Samba to advertise the share as Time Machine-capable (Samba Team, n.d.).
What Actually Changes on Linux Mint 22?
The biggest change is the underlying package base. Linux Mint 22.x uses the newer Ubuntu Noble package base, while Linux Mint 21.3 uses the older Ubuntu Jammy package base (Linux Mint, n.d.-a).
In plain English, that means Mint 22.x generally has newer versions of system components, libraries, drivers, and server packages. For a Samba Time Machine server, that is generally a positive thing. Newer Samba packages often include bug fixes, security fixes, and compatibility improvements.
However, the administrative workflow stays the same:
sudo apt update
sudo apt install samba avahi-daemon
sudo vi /etc/samba/smb.conf
testparm
sudo systemctl restart smbdAfter installation, it is a good idea to confirm the installed Samba version:
samba --versionThen validate the configuration:
testparmIf testparm reports no major issues, restart Samba:
sudo systemctl restart smbdDoes Avahi Still Matter?
Yes. Avahi is still useful on Linux Mint 22.
Samba handles SMB file sharing. Avahi helps with local network discovery, allowing Macs to find services using Bonjour-style discovery. You can still connect manually from Finder using an address such as:
smb://server1.local/TimeMachineOr, if local name resolution is not working:
smb://192.168.1.50/TimeMachineUsing the IP address is often the simplest troubleshooting step when the Mac cannot find the server by name.
Should You Upgrade a Working Mint 21.3 Time Machine Server?
If your Linux Mint 21.3 Time Machine server is working correctly, there is no immediate technical requirement to rebuild it on Linux Mint 22. Linux Mint 21.3 remains supported until April 2027 (Linux Mint, n.d.-a).
However, for a new build, I would choose Linux Mint 22.x. It has the longer support window, newer package base, and better long-term position. A backup server is something you want to set up once, document well, and avoid touching unless necessary. Starting from the newer LTS base makes more sense for a fresh installation.
For an existing Mint 21.3 server, the decision depends on your priorities.
If the server is stable, patched, and used only on your trusted home network, keeping Mint 21.3 until you are ready for a planned upgrade is reasonable.
If you are building a new backup target, replacing older hardware, or cleaning up your home lab, Linux Mint 22.x is the better choice.
Practical Recommendation
For a new Time Machine server, use Linux Mint 22.x.
For an existing Linux Mint 21.3 server, keep it if it is stable, documented, and receiving updates. Plan a controlled upgrade before the Linux Mint 21.x support window ends.
In either case, the core Samba configuration remains the same:
vfs objects = catia fruit streams_xattr
fruit:time machine = yes
fruit:time machine max size = 1TThose settings matter more than the difference between Mint 21.3 and Mint 22.x.
Upgrade Checklist
Before upgrading an existing Linux Mint 21.3 Time Machine server to Linux Mint 22.x, make sure you have the following:
- A backup of
/etc/samba/smb.conf - A record of your Samba users
- A record of the Time Machine share path
- A record of ownership and permissions on the backup directory
- A current backup of any important data on the server
- A tested way to reconnect the Mac to the SMB share after the upgrade
At minimum, save the Samba configuration:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.backup.$(date +%F)Check the backup directory permissions:
ls -ld /data/timemachineList the Samba users:
sudo pdbedit -LAfter the upgrade, verify Samba and Avahi:
systemctl status smbd --no-pager
systemctl status avahi-daemon --no-pagerThen validate Samba:
testparmConclusion
Linux Mint 22 does not fundamentally change the process of serving a Time Machine backup share from a Linux server. The same SMB-based Samba configuration still applies, and the same Apple-focused vfs_fruit settings are still the key to making the share work properly with macOS.
The main difference is lifecycle and package freshness. Linux Mint 21.3 is based on the Ubuntu Jammy package base and is supported until April 2027. Linux Mint 22.x is based on the Ubuntu Noble package base and is supported until April 2029 (Linux Mint, n.d.-a). For a new Time Machine server, Linux Mint 22.x is the better long-term choice. For an existing Linux Mint 21.3 server, the configuration can continue to work, but it would be wise to plan the move to Mint 22.x before the support window closes.
The bottom line is simple: Apple is moving Time Machine network backups away from AFP and toward SMB. Whether you use Linux Mint 21.3 or Linux Mint 22.x, Samba with vfs_fruit is the correct path forward.
References
Linux Mint. (n.d.-a). All versions. https://linuxmint.com/download_all.php
Linux Mint. (n.d.-b). Linux Mint 22.3 Release Notes. https://www.linuxmint.com/rel_zena.php
Linux Mint. (n.d.-c). Linux Mint 21.3 Release Notes. https://linuxmint.com/rel_virginia.php
Samba Team. (n.d.). vfs_fruit. Samba Documentation. https://www.samba.org/samba/docs/current/man-html/vfs_fruit.8.html
Ubuntu. (n.d.). The Ubuntu lifecycle and release cadence. Canonical. https://ubuntu.com/about/release-cycle
Apple Is Moving Away from AFP: How to Use a Linux SMB Server for Time Machine Backups
Apple’s Time Machine has been around for years, and many Mac users still associate network backups with Apple’s older AirPort Time Capsule, AirPort Extreme shared disks, or network storage devices that supported Apple Filing Protocol, commonly known as AFP. However, AFP is now part of Apple’s legacy networking past. For anyone running a home lab, Linux file server, or NAS-style backup target, the practical replacement is SMB.
This article explains what is happening with AFP, why Apple is moving away from it, and how to configure a Linux Mint 21.3 server as a Time Machine backup destination using Samba and SMB.
What Is AFP?
AFP stands for Apple Filing Protocol. It was Apple’s native file-sharing protocol for many years, especially during the classic Mac OS and early Mac OS X era. It was designed around Apple’s file system expectations and supported Mac-specific metadata, resource forks, and other behaviors that mattered more in earlier generations of the Mac ecosystem.
For a long time, AFP worked well in Apple-only environments. It was commonly used by older Mac file servers, AirPort Time Capsule devices, AirPort Extreme USB disk sharing, and some third-party NAS appliances. Because Time Machine was originally introduced in the Mac OS X era, many older Time Machine network backup targets were built around AFP.
The problem is that AFP is no longer Apple’s preferred direction. Apple now clearly recommends SMB when a choice exists between SMB and AFP for Time Machine backups (Apple, n.d.-a). Apple also states that Time Machine backup to NAS devices over AFP is not recommended and will not be supported in a future version of macOS (Apple, 2025a). In macOS Sequoia, Apple has also stated that the AFP client is deprecated and will be removed in a future version of macOS (Apple, n.d.-b).
AFP Is a Protocol, Not a Disk Format
One point that causes confusion is the phrase “AFP disk.” AFP is not a disk format like APFS, HFS+, ext4, XFS, or ZFS. AFP is a network file-sharing protocol. When someone says that macOS will not support “AFP disks,” what they usually mean is that macOS will stop supporting network shares accessed through AFP.
The actual disk behind the network share might be formatted as HFS+, APFS, ext4, XFS, ZFS, Btrfs, or something else. The client Mac normally does not directly see that underlying filesystem. It sees a network share presented through a protocol such as AFP or SMB.
This distinction matters because the solution is usually not to reformat the Linux server’s disk. The solution is to stop serving the backup location through AFP and serve it through SMB instead.
Why Apple Is Moving Away from AFP
Apple’s move away from AFP makes sense for several reasons.
First, AFP is old and Apple-specific. It is not a broad cross-platform standard in the same way SMB has become. SMB is widely used by macOS, Windows, Linux, enterprise NAS devices, and general file servers.
Second, Apple’s modern file-sharing direction has been moving toward SMB. Apple’s own Time Machine documentation says that if a choice is available between SMB and AFP, SMB should be used for backup (Apple, n.d.-a). Apple’s Time Machine support article also says third-party NAS devices should support Time Machine over SMB (Apple, 2025a).
Third, Apple’s modern file system, APFS, does not align with an AFP-centered future. Apple’s APFS documentation states that APFS volumes can be shared using SMB or NFS, but not AFP, and identifies AFP as deprecated (Apple, n.d.-c).
Finally, removing AFP reduces the number of legacy components Apple must maintain and secure. Every protocol included with macOS has to be tested, patched, and supported. As AFP usage declines, it makes sense for Apple to consolidate around SMB.
What This Means for Home Labs and Linux Servers
If you run a Linux server and want it to serve as a Time Machine destination, you should configure Samba for SMB-based Time Machine support. Samba is the standard SMB server implementation used on Linux and Unix-like systems.
For Mac compatibility, Samba provides a module called vfs_fruit. The Samba documentation describes vfs_fruit as providing enhanced compatibility with Apple SMB clients. It can also advertise a share as a Time Machine-capable destination by using the fruit:time machine = yes option (Samba Team, n.d.).
In practical terms, this means a Linux Mint 21.3 server can replace an AFP-based backup target as long as Samba is configured correctly.
Example Goal
In this example, the Linux Mint server will provide a Time Machine backup share with these assumptions:
Server hostname: server1
Backup directory: /data/timemachine
Linux backup user: tmbackup
Samba share name: TimeMachine
Maximum advertised Time Machine size: 1T
You can change those values to match your own environment.
Step 1: Install Samba and Avahi
On the Linux Mint server, install Samba and Avahi:
sudo apt update
sudo apt install samba avahi-daemonSamba provides the SMB file-sharing service. Avahi provides local network service discovery using mDNS and DNS-SD, which is compatible with Apple Bonjour-style discovery (Avahi, n.d.). In many home networks, Avahi helps the Mac find the server automatically in Finder and Time Machine.
Enable and start the services:
sudo systemctl enable --now smbd
sudo systemctl enable --now avahi-daemonCheck that they are running:
systemctl status smbd --no-pager
systemctl status avahi-daemon --no-pagerStep 2: Create a Dedicated Time Machine User
Create a Linux user for Time Machine backups:
sudo adduser tmbackupThen create a Samba password for that user:
sudo smbpasswd -a tmbackup
sudo smbpasswd -e tmbackupThis account will be used by the Mac when connecting to the Time Machine share.
For a home server, it is usually cleaner to create a dedicated backup account instead of using your normal Linux login account. This makes it easier to control permissions and isolate the backup location.
Step 3: Create the Backup Directory
Create the directory that will store the Time Machine sparsebundle backup files:
sudo mkdir -p /data/timemachineSet ownership so the backup user can write to it:
sudo chown tmbackup:tmbackup /data/timemachineSet restrictive permissions:
sudo chmod 700 /data/timemachineThis gives the tmbackup user access while preventing other local users from browsing the backup directory.
Step 4: Back Up the Samba Configuration
Before editing Samba, make a backup copy of the existing configuration:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak.$(date +%F)Edit the Samba configuration using vi:
sudo vi /etc/samba/smb.confAdd or adjust the following configuration.
[global]
workgroup = WORKGROUP
server role = standalone server
security = user
map to guest = Bad User
min protocol = SMB2
fruit:aapl = yes
fruit:model = TimeCapsule
[TimeMachine]
comment = Time Machine Backups
path = /data/timemachine
browseable = yes
read only = no
valid users = tmbackup
vfs objects = catia fruit streams_xattr
fruit:time machine = yes
fruit:time machine max size = 1TSave and exit vi.
A few settings are especially important:
min protocol = SMB2 prevents older SMB1 connections.
fruit:aapl = yes enables Apple SMB2+ extensions, which improve behavior and performance for Mac clients.
vfs objects = catia fruit streams_xattr enables the Samba modules commonly used for better macOS SMB compatibility.
fruit:time machine = yes advertises the share as Time Machine-capable.
fruit:time machine max size = 1T limits the size reported to Time Machine. This helps prevent Time Machine from assuming it can consume the entire underlying filesystem. Samba’s documentation warns that this value is an approximation based on Time Machine sparsebundle contents, so the share should be dedicated to Time Machine backups when using this option (Samba Team, n.d.).
Step 5: Test the Samba Configuration
Run:
testparmIf Samba reports no serious errors, restart Samba:
sudo systemctl restart smbdThen confirm Samba is listening:
sudo systemctl status smbd --no-pagerStep 6: Allow Samba Through the Firewall
If UFW is enabled on the Linux Mint server, allow Samba:
sudo ufw allow SambaCheck firewall status:
sudo ufw status verboseIf the server and Mac are on the same trusted home network, this is usually sufficient. If the server is exposed to untrusted networks, do not open SMB broadly. SMB should normally be limited to a trusted LAN or VPN.
Step 7: Connect from macOS
On the Mac, open Finder and choose:
Go > Connect to Server
Enter:
smb://server1.local/TimeMachineIf .local name resolution does not work, use the server’s IP address instead:
smb://192.168.1.50/TimeMachineLog in with:
Username: tmbackup
Password: the Samba password you set with smbpasswd
Once the share mounts successfully, open Time Machine settings on the Mac and select the network share as the backup disk.
On recent macOS versions, go to:
System Settings > General > Time Machine
Then add or select the SMB share as the backup destination.
Step 8: Encrypt the Backup from the Mac
When setting up the Time Machine destination, enable backup encryption from the Mac if available. This protects the backup contents if someone gains access to the server’s disk or copies the Time Machine sparsebundle.
Encryption is especially important for laptops because Time Machine backups may contain browser data, documents, email data, SSH keys, application data, and other sensitive information.
Store the encryption password safely. If you lose the Time Machine encryption password, you may not be able to restore from that backup.
Step 9: Verify That Backups Are Running
After configuration, start a backup from the Mac. On the Linux server, you can watch the backup directory:
sudo ls -lh /data/timemachineYou should eventually see a Time Machine sparsebundle created for the Mac.
You can also check Samba logs if something fails:
sudo journalctl -u smbd --no-pagerOr review Samba log files:
ls -lh /var/log/samba/Troubleshooting Tips
If the Mac cannot see the server automatically, connect manually using Finder with the smb:// path.
If the Mac can connect but Time Machine does not list the share, recheck that the share includes:
fruit:time machine = yesIf the share appears but backups fail, check permissions on the backup directory:
ls -ld /data/timemachineThe directory should be writable by the Samba user.
If name resolution fails, try the server’s IP address instead of the .local hostname.
If the backup grows too large, reduce the value of:
fruit:time machine max size = 1TThen restart Samba:
sudo systemctl restart smbdRecommended Practices
Use a dedicated share for Time Machine. Do not mix normal file storage and Time Machine backups in the same directory.
Use a dedicated Samba user for backups.
Use a wired connection for the first backup if possible. The first Time Machine backup can be large.
Use redundant storage if the backup matters. A Time Machine backup stored on a single failing disk is still a single point of failure.
Do not expose SMB directly to the internet.
Periodically test restores. A backup is only useful if it can be restored.
Conclusion
AFP served Mac users well for many years, but it is now a legacy protocol. Apple is clearly moving Time Machine network backups toward SMB, and future macOS versions will remove AFP support. For Linux server users, the practical answer is to configure Samba with Apple-compatible settings and enable Time Machine support through vfs_fruit.
A Linux Mint 21.3 system can work well as a Time Machine backup target when Samba is configured properly. By using SMB, a dedicated backup user, proper permissions, and the fruit:time machine = yes setting, you can replace an older AFP-based backup workflow with a more modern and future-ready configuration.
References
Apple. (2025a, December 5). Backup disks you can use with Time Machine. Apple Support. https://support.apple.com/en-us/102423
Apple. (n.d.-a). Types of disks you can use with Time Machine on Mac. Apple Support. Retrieved June 3, 2026, from https://support.apple.com/guide/mac-help/types-of-disks-you-can-use-with-time-machine-mh15139/mac
Apple. (n.d.-b). What’s new for enterprise in macOS Sequoia. Apple Support. Retrieved June 3, 2026, from https://support.apple.com/en-us/121011
Apple. (n.d.-c). Apple File System Guide: Frequently Asked Questions. Apple Developer Documentation Archive. Retrieved June 3, 2026, from https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/APFS_Guide/FAQ/FAQ.html
Avahi. (n.d.). mDNS/DNS-SD. Retrieved June 3, 2026, from https://avahi.org/
Samba Team. (n.d.). vfs_fruit. Samba Documentation. Retrieved June 3, 2026, from https://www.samba.org/samba/docs/current/man-html/vfs_fruit.8.html
Installing the Latest Minecraft Java Server on Linux Mint and Connecting from Windows 11
Running a private Minecraft server is a useful home-lab project because it combines Linux administration, Java runtime management, firewall configuration, systemd service management, and basic client/server troubleshooting. This guide explains how to install the latest Java-based Minecraft server on the latest Linux Mint release, then connect to it from a Windows 11 Minecraft client.
As of May 23, 2026, the latest Linux Mint release listed by the project is Linux Mint 22.3 'Zena,' and the latest Minecraft Java release identified on Minecraft.net is Minecraft Java Edition 26.1.2, published April 9, 2026. Future readers should always confirm the current version on the official Linux Mint and Minecraft download pages before installing.
Java Edition versus Bedrock Edition
This article is about the Minecraft: Java Edition server, distributed as a .jar file. Mojang's server download page states that the Java Edition server setup is compatible with Minecraft: Java Edition, not Bedrock Edition. That distinction matters because a normal Windows Bedrock client will not connect directly to a vanilla Java Edition server.
For this setup, the Windows 11 client must run:
|
Minecraft: Java Edition |
not:
|
Minecraft for Windows |
The Minecraft Launcher can provide access to both editions, but the edition selected in the launcher must match the server type. The Microsoft Store listing for the launcher identifies it as available for Windows 10 and Windows 11 and notes that it provides access to Minecraft: Java Edition and Minecraft for Windows.
Install Java 25 on Linux Mint
Recent Minecraft Java versions require a newer Java runtime. The Minecraft Java Edition 26.1 release notes state that the game now requires Java 25 and that the included Java distribution is the Microsoft build of OpenJDK 25.
Linux Mint may not include Java 25 in its default repositories, so a practical approach is to install Eclipse Temurin from Adoptium. Adoptium provides DEB packages for Debian and Ubuntu-style systems, and its documentation specifically notes that Linux Mint users should use UBUNTU_CODENAME instead of VERSION_CODENAME when configuring the repository.
Install Java 25:
|
sudo apt update |
Verify the Java version:
|
java -version |
You should see output showing Java 25. If multiple Java versions are installed, you can use the full Java path later in the systemd service to avoid accidentally launching Minecraft with the wrong runtime.
Create a Minecraft server user and directory
Do not run the Minecraft server as root. Create a dedicated service account and server directory:
|
sudo useradd --system
--home-dir /opt/minecraft --shell /usr/sbin/nologin minecraft |
Switch into the server directory:
|
cd /opt/minecraft |
Download the Minecraft server .jar
Download the official Java Edition server .jar from Mojang's Minecraft server download page or from the latest release article. Mojang's server download page states that downloading the software means agreeing to the Minecraft End User License Agreement and Privacy Policy, so this step should be done from the official Minecraft source.
Use a browser to open the official Minecraft server download page, right-click the server .jar link, and copy the link address. Then download it on the Linux Mint server:
|
sudo -u minecraft wget -O /opt/minecraft/server.jar '<paste official Minecraft server.jar URL here>' |
For future-proof documentation, I recommend naming the downloaded file server.jar and documenting the actual Minecraft version separately in a text file:
|
echo "Minecraft Java
Server installed from official Mojang server.jar link" | sudo tee
/opt/minecraft/README.txt |
First start and EULA acceptance
Start the server once to generate the initial configuration files:
|
sudo -u minecraft /usr/lib/jvm/temurin-25-jdk-amd64/bin/java -Xms2G -Xmx4G -jar /opt/minecraft/server.jar nogui |
The server will stop and create an eula.txt file. Edit it:
|
sudo vi /opt/minecraft/eula.txt |
Change:
|
eula=false |
to:
|
eula=true |
Save the file. Mojang's server download page explains that the server is run from the command line with Java and that the nogui option can be omitted only if the graphical interface is desired. On a Linux server, nogui is normally the right choice.
Start the server again:
|
sudo -u minecraft /usr/lib/jvm/temurin-25-jdk-amd64/bin/java -Xms2G -Xmx4G -jar /opt/minecraft/server.jar nogui |
When the server finishes loading, you should see a message indicating that it is ready. Stop it with:
|
Ctrl + C |
Configure basic server settings
The main configuration file is:
|
/opt/minecraft/server.properties |
Edit it:
|
sudo vi /opt/minecraft/server.properties |
For a simple home server, these are the most important settings to review:
|
server-port=25565 |
Leave server-ip= blank unless you have a specific reason to bind the server to only one address. For most home and lab servers, leaving it blank allows Minecraft to listen normally on the system's available interfaces.
Open the firewall
Minecraft Java Edition normally listens on TCP port 25565. If UFW is enabled on Linux Mint, allow that port:
|
sudo ufw allow 25565/tcp |
Find the Linux server's IP address:
|
ip -o -4 addr show up scope global |
You should see an address such as:
|
192.168.1.50/24 |
The Windows client will use that IP address to connect.
Manage the server with systemd
A manual command is useful for testing, but a real server should be managed by systemd. Create a service file:
|
sudo vi /etc/systemd/system/minecraft.service |
Add:
|
[Unit] |
Reload systemd and start the service:
|
sudo systemctl daemon-reload |
Check status:
|
systemctl status minecraft |
Watch the live logs:
|
journalctl -u minecraft -f |
Useful management commands:
|
sudo systemctl start
minecraft |
Troubleshooting Java version errors
If the server fails with an error such as:
|
UnsupportedClassVersionError |
the Minecraft server .jar was compiled for a newer Java runtime than the one used to start it. Since Minecraft 26.1 requires Java 25, the fix is to make sure the systemd service uses Java 25 directly:
|
/usr/lib/jvm/temurin-25-jdk-amd64/bin/java -version |
If that shows Java 25, use that exact path in the ExecStart= line of the systemd service.
Install the Minecraft client on Windows 11
On the Windows 11 PC, install the Minecraft Launcher from the Microsoft Store or from the official Minecraft download page. Minecraft's download page says the launcher can be installed through the Microsoft Store or from Minecraft.net, and the official Help Center provides instructions for downloading and installing the launcher.
On Windows 11:
1. Open Microsoft Store.
2. Search for Minecraft Launcher.
3. Install Minecraft Launcher.
4. Open the launcher.
5. Sign in with the Microsoft account that owns Minecraft.
6. Select Minecraft: Java Edition.
7. Use Latest Release, or choose the exact version that matches the server.
8. Click Play.
The client and server should run the same Minecraft Java version. Mojang's 26.1.2 release notes instruct players to use the Minecraft Launcher and set it to 'Latest Release' to install the release.
If you need to select a specific version:
|
Minecraft Launcher → Minecraft: Java Edition → Installations → New Installation |
Then choose the version that matches the server.
Connect from Windows 11 to the Linux Mint server
Once Minecraft Java Edition is running on Windows 11:
9. Click Multiplayer.
10. Click Add Server or Direct Connection.
11. Enter the Linux Mint server IP address.
12. Click Join Server.
If the server IP is:
|
192.168.1.50 |
and the server is using the default port, enter:
|
192.168.1.50 |
If you changed the port, enter it like this:
|
192.168.1.50:25565 |
If the client cannot connect, test from Windows PowerShell:
|
Test-NetConnection 192.168.1.50 -Port 25565 |
A successful result should show:
|
TcpTestSucceeded : True |
If that test fails, check these items:
· The Minecraft service is running on Linux.
· The Linux firewall allows TCP 25565.
· The Windows client is on the same network or has a route to the server.
· The client is running Minecraft: Java Edition, not Bedrock Edition.
· The client version matches the server version.
· The server.properties file uses the correct port.
Optional: allow only known players
For a private server, consider enabling the whitelist:
|
sudo vi /opt/minecraft/server.properties |
Set:
|
white-list=true |
Restart the server:
|
sudo systemctl restart minecraft |
Add a player from the Minecraft server console or by using the server command interface:
|
whitelist add PlayerName |
You can send commands to the running server through the service logs only if you have set up a console method such as screen, tmux, or a management wrapper. For a basic setup, stopping the service and running the server manually for administration is sometimes simpler.
Final checklist
A working Linux Mint Minecraft Java server should have:
· Linux Mint installed and updated.
· Java 25 installed.
· Official Minecraft Java server.jar downloaded from Mojang.
· Dedicated minecraft service account.
· EULA accepted.
· server.properties reviewed.
· TCP port 25565 allowed through the firewall.
· minecraft.service enabled and running.
· Windows 11 client running Minecraft: Java Edition.
· Client version matching the server version.
This setup gives you a stable vanilla Minecraft Java server that starts automatically, runs as a non-root user, logs through systemd, and is accessible from Windows 11 clients on the network.
References
Adoptium. (n.d.). Linux (RPM/DEB/APK) installer packages. Eclipse Foundation. https://adoptium.net/installation/linux
Linux Mint. (n.d.). Download Linux Mint 22.3. https://linuxmint.com/download.php
Microsoft. (n.d.). Minecraft Launcher. Xbox. https://www.xbox.com/en-US/games/store/minecraft-launcher/9pgw18npbzv5
Mojang. (2026, March 24). Minecraft Java Edition 26.1. Minecraft. https://www.minecraft.net/en-us/article/minecraft-java-edition-26-1
Mojang. (2026, April 9). Minecraft Java Edition 26.1.2. Minecraft. https://www.minecraft.net/en-us/article/minecraft-java-edition-26-1-2
Mojang. (n.d.-a). Download Minecraft & server software. Minecraft. https://www.minecraft.net/en-us/download
Mojang. (n.d.-b). Download the Minecraft: Java Edition server. Minecraft. https://www.minecraft.net/en-us/download/server
Mojang. (n.d.-c). How to download and install the Minecraft Launcher. Minecraft Help Center. https://help.minecraft.net/hc/en-us/articles/23907917790093-How-to-Download-and-Install-the-
Subscribe to:
Posts (Atom)