Difference between revisions of "Netatalk"

From ArchWiki
Jump to: navigation, search
(Enable Autodiscover)
(Netatalk: rebuild for 3.0)
(23 intermediate revisions by 11 users not shown)
Line 1: Line 1:
[[Category:Networking (English)]]
+
[[Category:Networking]]
[[Category:HOWTOs (English)]]
+
[https://aur.archlinux.org/packages.php?ID=10032 Netatalk] v3.0 is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers.
'''Netatalk''' is a free, open-source implementation of the AppleTalk suite of protocols. It allows Unix-like operating systems to serve as file, print and time servers for Macintosh computers.
+
  
==Installation==
+
The older version of netatalk, v2.2.3, is distributed as [https://aur.archlinux.org/packages.php?ID=59006 netatalk-ddp] and supports the Apple Macintosh network protocols, including AppleTalk (ATalk), Apple Filing Protocol (AFP), and Printer Access Protocol (PAP).
There is a netatalk package available in AUR. But the PKGBUILD should be modified to allow the faster CDB backend to be used.  
+
  
Add {{codeline|--with-cnid-cdb-backend}} to the {{codeline|./configure}} line.
+
==Compiling==
 +
Use either the netatalk or netatalk-ddp packages available in AUR, which have initscripts tailored for ArchLinux.
  
Now run makepkg and install the package.
+
===Choosing Features===
 +
With the deprecation of DDP (ATalk, PAP, timelord, and a2boot were removed in v3.0), netatalk has been divided into netatalk and netatalk-ddp. DDP is only necessary to support Mac OS  <= 9, but OS X <= 10.3 will also benefit from the integration of SLP since it does not fully support Bonjour/Zeroconf. DDP would network older Macs which ran on AppleTalk instead of TCP/IP, and timelord and a2boot were for time-synchronization and Apple II booting. PAP may still be necessary for users with LaserWriter printers without TCP/IP support.
  
==Configuration==
+
A build of the netatalk AUR package will only build the "modern" features cnid_metad and afpd, with Bonjour/Zeroconf support only.
Edit the afpd configuration File ({{codeline|/etc/netatalk/afpd.conf}}) and the follwing line to the very end of the file replacing the existing one:
+
  
{{file|name=/etc/netatalk/afpd.conf|content=...<br> - -transall -uamlist uams_randnum.so,uams_dhx.so -nosavepassword -advertise_ssh<br>...}}
+
To build the full complement of features with SLP support, build netatalk-ddp instead.
  
==Configure shared volumes==
+
==Installation==
To add a shared volume, we have to edit the {{codeline|/etc/netatalk/AppleVolumes.default}}-Configuration file, add a line like this:
+
Install your finished package with pacman as usual, and remember to {{Ic|systemctl enable netatalk.service}}.
  
{{File|name=/etc/netatalk/AppleVolumes.default|content=...<br><path_to_share> <sharename> allow:<username> cnidscheme:cdb options:usedots,upriv<br>...}}
+
Besides the configuration files that are installed (and checked during upgrade), netatalk may generate two files {{Ic|/etc/netatalk/afp_signature.conf}} or {{Ic|/var/state/netatalk/afp_signature.conf}} which holds the system UUID, and {{Ic|/etc/netatalk/afp_voluuid.conf}} or {{Ic|/var/state/netatalk/afp_voluuid.conf}} which holds volume UUIDs for TimeMachine. These files may remain after package removal and should be kept in most cases to disambiguate the services broadcast over the local network.
 +
===Netatalk-ddp Initscripts===
 +
{{Warning|This section is now outdated}}
 +
To emulate the init functionality of the systems fully-supported by netatalk, one initscript "netatalk" is responsible for starting and stopping the individual daemons. The script checks for the binaries available on the system, and starts them in a specific order, skipping those that are already running. The stop process occurs in reverse. To prevent ambiguity, only "netatalk" registers as a daemon with the system, but is silent, it doesn't echo any messages. The individual initscripts echo to the terminal, but don't register as daemons to prevent confusion.
  
{{Warning|Avoid nesting volumes, do not share directories, which are filed under already shared directories}}
+
The individual scripts are provided for users who may want to manage the daemons at runtime or add specific arguments, but don't worry, they will obey the necessary dependencies for proper operation. If a daemon is required by others, it won't stop until its children aren't running; if a daemon has dependencies it won't start until these are met.
  
==Enable Time-Machine Support==
+
==Configuration==
To enable Time-Machine-Support just add {{codeline|tm}} to the options for the volume in {{codeline|/etc/netatalk/AppleVolumes.default}}.
+
===Netatalk===
 
+
Netatalk 3.x uses a single configuration file, {{ic|/etc/afp.conf}}, and a single service, '''netatalk'''. Users moving from 2.x to 3.x should be aware that CNID data is no longer stored in {{ic|.AppleDB}} directories alongside the hosted data, but in {{ic|/var/state/netatalk/CNID}}. To upgrade a share, remove any {{ic|.AppleDB}} directories and rebuild with {{ic|dbd -r <path>}}.
==Enable Autodiscover==
+
To enable Autodiscover (your osx systems see your netatalk-server in the finder), we have to install avahi and nss-mdns
+
  
#pacman -S avahi nss-mdns
+
See {{ic|man afp.conf}} and the following example (ensuring processes have write access to afpd.log):
 +
{{hc|/etc/afp.conf|
 +
[Global]
 +
mimic model &#61; TimeCapsule6,106
 +
log level &#61; default:warn
 +
log file &#61; /var/log/afpd.log
 +
hosts allow &#61; 192.168.1.0/16
  
Now configure the nss service ({{codeline|/etc/nsswitch.conf}}) and add {{codeline|mdns}} to the {{codeline|hosts:}}-line so it looks like this:
+
[TimeMachine]
 +
path &#61; /mnt/timemachine
 +
valid users &#61; tmuser
 +
time machine &#61; yes
  
{{File|name=/etc/nsswitch.conf|content=...<br> hosts: files dns mdns4 mdns<br>...}}
+
[media]
 +
path &#61; /srv/share/media
 +
valid users &#61; joe sam}}
 +
{{Warning|Avoid using symbolic links in afp.conf}}
  
Create a new service configuration file ({{codeline|/etc/avahi/services/afpd.service}}):
+
===Netatalk-ddp===
 +
====System====
 +
Edit the afpd configuration file ({{Ic|/etc/netatalk/afpd.conf}}), and add a line similar to
 +
{{hc|/etc/netatalk/afpd.conf|...<br>- -mimicmodel TimeCapsule6,106 -setuplog "default log_warn /var/log/afpd.log"}}
 +
This tells netatalk to use the system's hostname, mimic a TimeCapsule, and log warnings and errors to file.
 +
====Volumes====
 +
Edit the volumes configuration file {{Ic|/etc/netatalk/AppleVolumes.default}}, and append the following to add a TimeMachine-like share
 +
{{hc|/etc/netatalk/AppleVolumes.default|...<br><path_to_share> <sharename> allow:<username> options:usedots,upriv,tm}}
 +
* The {{Ic|volsizelimit:<limit_in_whole_mebibytes>}} argument can be useful here to limit the total space reported to TimeMachine.
 +
* If you wish to turn off "home" shares, change the {{Ic|~}} line to {{Ic|#~}}.
 +
{{Warning|Avoid nesting volumes, and do not share directories by any other protocol. All file changes must be made via afpd only}}
 +
==IP Tables==
 +
If you use the iptables package for firewall services, consider adding the following: (replace {{Ic|-I}} with {{Ic|-A}} as necessary)
 +
{{hc|Bonjour/Zeroconf|iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT
 +
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT}}
 +
{{hc|AFP|iptables -I INPUT -p tcp --dport afpovertcp -j ACCEPT}}
 +
{{hc|SLP|iptables -I INPUT -p tcp --dport slp -j ACCEPT
 +
iptables -I OUTPUT -p tcp --dport slp -j ACCEPT
 +
iptables -I INPUT -p udp --dport slp -j ACCEPT
 +
iptables -I OUTPUT -p udp --dport slp -j ACCEPT}}
 +
{{hc|AppleTalk|iptables -I INPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT
 +
iptables -I OUTPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT}}
  
{{File|name=/etc/avahi/services/afpd.service|content=
+
==Enable Bonjour/Zeroconf==
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
+
Bonjour/Zeroconf is now a requirement of netatalk and is compiled by default. No configuration is necessary, netatalk will register its own services using the dbus link. Make sure you set {{Ic|-mimicmodel}} to the desired string (see {{Ic|/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist}} on a Mac for a full list).
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+
<service-group>
+
    <name replace-wildcards="yes">%h</name>
+
    <service>
+
      <type>_afpovertcp._tcp</type>
+
      <port>548</port>
+
    </service>
+
    <service>
+
      <type>_device-info._tcp</type>
+
      <port>0</port>
+
      <txt-record>model=Xserve</txt-record>
+
    </service>
+
</service-group>
+
}}
+

Revision as of 01:43, 7 December 2012

Netatalk v3.0 is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers.

The older version of netatalk, v2.2.3, is distributed as netatalk-ddp and supports the Apple Macintosh network protocols, including AppleTalk (ATalk), Apple Filing Protocol (AFP), and Printer Access Protocol (PAP).

Compiling

Use either the netatalk or netatalk-ddp packages available in AUR, which have initscripts tailored for ArchLinux.

Choosing Features

With the deprecation of DDP (ATalk, PAP, timelord, and a2boot were removed in v3.0), netatalk has been divided into netatalk and netatalk-ddp. DDP is only necessary to support Mac OS <= 9, but OS X <= 10.3 will also benefit from the integration of SLP since it does not fully support Bonjour/Zeroconf. DDP would network older Macs which ran on AppleTalk instead of TCP/IP, and timelord and a2boot were for time-synchronization and Apple II booting. PAP may still be necessary for users with LaserWriter printers without TCP/IP support.

A build of the netatalk AUR package will only build the "modern" features cnid_metad and afpd, with Bonjour/Zeroconf support only.

To build the full complement of features with SLP support, build netatalk-ddp instead.

Installation

Install your finished package with pacman as usual, and remember to systemctl enable netatalk.service.

Besides the configuration files that are installed (and checked during upgrade), netatalk may generate two files /etc/netatalk/afp_signature.conf or /var/state/netatalk/afp_signature.conf which holds the system UUID, and /etc/netatalk/afp_voluuid.conf or /var/state/netatalk/afp_voluuid.conf which holds volume UUIDs for TimeMachine. These files may remain after package removal and should be kept in most cases to disambiguate the services broadcast over the local network.

Netatalk-ddp Initscripts

Warning: This section is now outdated

To emulate the init functionality of the systems fully-supported by netatalk, one initscript "netatalk" is responsible for starting and stopping the individual daemons. The script checks for the binaries available on the system, and starts them in a specific order, skipping those that are already running. The stop process occurs in reverse. To prevent ambiguity, only "netatalk" registers as a daemon with the system, but is silent, it doesn't echo any messages. The individual initscripts echo to the terminal, but don't register as daemons to prevent confusion.

The individual scripts are provided for users who may want to manage the daemons at runtime or add specific arguments, but don't worry, they will obey the necessary dependencies for proper operation. If a daemon is required by others, it won't stop until its children aren't running; if a daemon has dependencies it won't start until these are met.

Configuration

Netatalk

Netatalk 3.x uses a single configuration file, /etc/afp.conf, and a single service, netatalk. Users moving from 2.x to 3.x should be aware that CNID data is no longer stored in .AppleDB directories alongside the hosted data, but in /var/state/netatalk/CNID. To upgrade a share, remove any .AppleDB directories and rebuild with dbd -r <path>.

See man afp.conf and the following example (ensuring processes have write access to afpd.log):

/etc/afp.conf
[Global]
mimic model = TimeCapsule6,106
log level = default:warn
log file = /var/log/afpd.log
hosts allow = 192.168.1.0/16

[TimeMachine]
path = /mnt/timemachine
valid users = tmuser
time machine = yes

[media]
path = /srv/share/media
valid users = joe sam
Warning: Avoid using symbolic links in afp.conf

Netatalk-ddp

System

Edit the afpd configuration file (/etc/netatalk/afpd.conf), and add a line similar to

/etc/netatalk/afpd.conf
...
- -mimicmodel TimeCapsule6,106 -setuplog "default log_warn /var/log/afpd.log"

This tells netatalk to use the system's hostname, mimic a TimeCapsule, and log warnings and errors to file.

Volumes

Edit the volumes configuration file /etc/netatalk/AppleVolumes.default, and append the following to add a TimeMachine-like share

/etc/netatalk/AppleVolumes.default
...
<path_to_share> <sharename> allow:<username> options:usedots,upriv,tm
  • The volsizelimit:<limit_in_whole_mebibytes> argument can be useful here to limit the total space reported to TimeMachine.
  • If you wish to turn off "home" shares, change the ~ line to #~.
Warning: Avoid nesting volumes, and do not share directories by any other protocol. All file changes must be made via afpd only

IP Tables

If you use the iptables package for firewall services, consider adding the following: (replace -I with -A as necessary)

Bonjour/Zeroconf
iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT
AFP
iptables -I INPUT -p tcp --dport afpovertcp -j ACCEPT
SLP
iptables -I INPUT -p tcp --dport slp -j ACCEPT
iptables -I OUTPUT -p tcp --dport slp -j ACCEPT
iptables -I INPUT -p udp --dport slp -j ACCEPT
iptables -I OUTPUT -p udp --dport slp -j ACCEPT
AppleTalk
iptables -I INPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT
iptables -I OUTPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT

Enable Bonjour/Zeroconf

Bonjour/Zeroconf is now a requirement of netatalk and is compiled by default. No configuration is necessary, netatalk will register its own services using the dbus link. Make sure you set -mimicmodel to the desired string (see /System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist on a Mac for a full list).