SMB Repository with password

Not sure if this would be a feature request of just have no idea of how to do it (Or it might require some command line action).

I am trying to use a network share as my repository, (\Shares\PCBACKUPS), and it has a username and password just for backing up purposes.

I do not see an option to save the credentials for this share, since once the server reboots the cached password will be gone.

For me at least (cli, windows 10) after i add the share in windows, duplicacy just uses it as is.
The share though is under this path: \\ASUS\myFolder, where i have an external hdd connected to my asus router.

I’m not sure if there is a programmatic way to set the password for a network share. But you can at least make the password persistent: Windows 10 forgets mapped drive’s credentials after reboot - Super User


Thanks for the response, there must be a way, I’ve used backup software (Acronis and Cloudberry) that allow you to specify credentials when backing to a network share,

Regarding your question, why not simply using the cached one?

For reference, this is the current backup workflow I have: (I just found about this software this week, in fact it is still the trial version, I’m a newbie when it comes to business class backup solutions)

1 VM in a ESXi host, weekly full backup and daily incrementals to a Sinology attached external HDD using Cloudberry Server software, Duplicacy running on the same server using that HDD as repository and uploading to a B2 bucket
(It turns the ~860GB into ~460GB!! :ok_hand:)

2 scenarios:

  1. (From a paranoid perspective)
    What if the server’s admin password is compromised? If there’s a cached password, they can easily ransomware the files and erase the backups from the share and done…

Given, I’m backing up to the cloud as well, but, point still valid, I rather recover from a local HDD than an internet connection.

(Exactly that happened to a client… And no cloud backup, 5K in ransom later and 1 week worth of labor rebuilding the server it was back in action)

  1. What if I have different permissions?

What if the cached password allows for full or limited access to the share and the backup process needs a different set of permissions?

I understand that is probably not the most widespread need, but I would really love to have the feature.

In the meantime… Would you recommend building a VM (Linux perhaps) in my ESXi host for the sole purpose of Duplicacy, that way I would have another layer of isolation in case of a server password compromise

Some progress on this topic.
I have to make an instance where duplicacy has to access a repository that asks me for smb network credentials.
The administrator of that installation does not allow the windows server to keep the credentials saved from smb access, it only allows me access from duplicacy.
Any way to enter those credentials and save them in duplicacy web?

If you can access the network share via UNC path (not mapped drive letter) as a particular user, then running Duplicacy Web as that user should confer the same access rights. You might have to use UNC paths, though, not mapped drives - if Group Policy doesn’t let you access shares with a saved password.

However, you should set up user accounts on both client and server machines with the same username and password so that you never have to be prompted for a password.

Alternatively, you could install Duplicacy as a service (if you haven’t already) and you will need to change the service so that it runs as a user account instead of the SYSTEM account. Here, you can specify a username and password. It’s generally recommended you use a service account (e.g. username ‘duplicacy’) rather than a normal user account, with administrator privileges, so it can still access the repositories. Though, as before, you must also set up a corresponding username with the same password on the server.

Which route you go down depends if you’ve installed as a service or not.

Edit: Currently, the Web UI doesn’t let you browse to an UNC path when adding a storage, but you can just type in the path manually - e.g. \\SERVER\Shared Folders\Duplicacy.

1 Like

Thanks @Droolio

I have solved it using the same user that has permissions on the nas and use it in the windows duplication service (I had to raise the permissions of this user to the group of administrators of the team to run the service well).

Sorry to resurrect an old thread but I was hoping to get some additional directions.

I am having a similar issue using the Web-UI. If I run a backup manually from a local disk to a samba share on a QNAP it works fine using either samba login or UNC paths in the web-gui options.

But when I run a scheduled backup of the same it can’t connect to the samba share.

For a noob, how does one change Web-gui to run as the user account and not the system account in windows? Is there an option somewhere in windows?

Also, how do I install as a service now (as I have already installed the web-gui) and then set that service to run as the user account that has provides to access the Samba share (ie. the windows account I am logged into when I can successfully run the backups manually).

Thanks so much for any help!!

This is how I’d do it. You need to switch Duplicacy to service mode, but first verify where your .duplicacy-web settings directory is…

Should be in C:\Users\<username>\.duplicacy-web if installed just for that user. Or C:\ProgramData\.duplicacy-web if installed for everyone / as a service.

Uninstall Duplicacy (right-click the task tray icon and Quit first) - this won’t remove the settings dir.

Grab the latest Duplicacy web installer and right-click Run as administrator - install for everyone and, right at the end, tell it to install the service.

Delete the Duplicacy shortcut icon on your desktop - it’s designed for non-service mode, and will confuse you when it says it’s already running on that port. Instead visit in your browser and bookmark it and/or drag that shortcut to the desktop (optionally set the icon to the same as the deleted icon :slight_smile: ).

Press the Start button > type service and open Services. Find Duplicacy Web Edition and stop the service. Here you change what user account to run the service as - so right-click > Properties > Log On tab > specify the user account and password. Make sure it has access to the files you want to backup, and the destination file share, and you may want to make it an Administrators account (locally) if you need to enable -vss. Start the service and run a test.

Edit: Incidentally, I didn’t think this would be necessary when accessing the new SMB share storage backend type, since doesn’t it ask you to put in the credentials there? Anyway, this isn’t something I’ve tested so the above instructions is perhaps the old methodology.

Thanks so much for the fast and detailed reply. I’ll give this a go today and see how I get on. I am now having a similar issue with trying to backup from a mounted Cryptomator drive. Sigh. Seems like this privilege elevation thing is causing hassles all over the place!