Difference between revisions of "Netatalk"

From ArchWiki
(Configure shared volumes)
(Link for iptables.)
 
(39 intermediate revisions by 15 users not shown)
Line 1: Line 1:
[[Category:Networking (English)]]
+
[[Category:Networking]]
[[Category:HOWTOs (English)]]
+
[[ja:Netatalk]]
'''Netatalk''' is a free, open-source implementation of the AppleTalk (AFP) suite of protocols. It allows Unix-like operating systems to serve as file, print and time servers for Macintosh computers.
+
Netatalk is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers.
  
 
==Installation==
 
==Installation==
There is a netatalk package available in AUR. But the PKGBUILD should be modified to allow the faster CDB backend to be used.
+
Netatalk can be [[install]]ed with the {{AUR|netatalk}} package.
 
 
Add {{codeline|--with-cnid-cdb-backend}} to the {{codeline|./configure}} line.
 
 
 
Now run makepkg and install the package.
 
  
 
==Configuration==
 
==Configuration==
Edit the afpd configuration File ({{codeline|/etc/netatalk/afpd.conf}}) and the follwing line to the very end of the file replacing the existing one:
+
Enable and/or start {{ic|netatalk.service}} [[systemd#Using units|using systemd]].
 
 
{{file|name=/etc/netatalk/afpd.conf|content=...<br> - -transall -uamlist uams_randnum.so,uams_dhx.so -nosavepassword -advertise_ssh<br>...}}
 
 
 
==Configure shared volumes==
 
To add a shared volume, we have to edit the {{codeline|/etc/netatalk/AppleVolumes.default}}-Configuration file, add a line like this:
 
 
 
{{File|name=/etc/netatalk/AppleVolumes.default|content=...<br><path_to_share> <sharename> allow:<username> cnidscheme:cdb options:usedots,upriv<br>...}}
 
 
 
{{Warning|Avoid nesting volumes, do not share directories, which are filed under already shared directories}}
 
  
{{Note|If you you use {{codeline|cnidscheme:cdb}} be sure to start {{codeline|/etc/rc.d/cnid}} with afpd.}}
+
Besides the configuration files that are installed (and checked during upgrade), netatalk may generate two files {{Ic|/etc/netatalk/afp_signature.conf}} or {{Ic|/var/state/netatalk/afp_signature.conf}} which holds the system UUID, and {{Ic|/etc/netatalk/afp_voluuid.conf}} or {{Ic|/var/state/netatalk/afp_voluuid.conf}} which holds volume UUIDs for TimeMachine. These files may remain after package removal and should be kept in most cases to disambiguate the services broadcast over the local network.
  
==Enable Time-Machine Support==
+
Netatalk 3.x uses a single configuration file, {{ic|/etc/afp.conf}}. See {{ic|man afp.conf}} and the following example (make sure processes have write access to {{ic|afpd.log}}):
To enable Time-Machine-Support just add {{codeline|tm}} to the options for the volume in {{codeline|/etc/netatalk/AppleVolumes.default}}.
+
{{hc|/etc/afp.conf|<nowiki>
 +
[Global]
 +
mimic model = TimeCapsule6,106
 +
log level = default:warn
 +
log file = /var/log/afpd.log
 +
hosts allow = 192.168.1.0/16
  
==Enable Autodiscover==
+
[Homes]
To enable Autodiscover (your osx systems see your netatalk-server in the finder), we have to install avahi and nss-mdns
+
basedir regex = /home
  
#pacman -S avahi nss-mdns
+
[TimeMachine]
 +
path = /mnt/timemachine
 +
valid users = tmuser
 +
time machine = yes
  
Now configure the nss service ({{codeline|/etc/nsswitch.conf}}) and add {{codeline|mdns}} to the {{codeline|hosts:}}-line so it looks like this:
+
[Shared Media]
 +
path = /srv/share/media
 +
valid users = joe sam
 +
</nowiki>}}
 +
{{Warning|Avoid using symbolic links in {{ic|afp.conf}}}}
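Review bot: `hosts allow = 192.168.1.0/16` in the new [Global] example has host bits set in the network part: 192.168.1.0 is not the base address of a /16, so the line is ambiguous between 192.168.0.0/16 (the whole private range) and 192.168.1.0/24 (one subnet). Pick the one that is meant and write it in aligned form, otherwise a reader copying the example may allow a much wider set of clients than intended. The lead-in sentence "make sure processes have write access to afpd.log" would also be clearer if it named the path from the example, `log file = /var/log/afpd.log`.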
 +
===Guest access===
 +
In order to allow guest '''read-only''' access to your shared folders, add following line to the {{ic|[Global]}} section:
 +
{{hc|/etc/afp.conf|<nowiki>
 +
[Global]
 +
uam list = uams_guest.so
 +
</nowiki>}}
 +
To allow guest '''read/write''' access, first, allow read-only access as in the previous example and then add following lines to a particular share section:
 +
{{hc|/etc/afp.conf|<nowiki>
 +
[Your Share]
 +
path = /mnt/public/share
 +
rwlist = nobody
 +
</nowiki>}}
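Review bot: the read/write example should say what it grants: with `uam list = uams_guest.so` in [Global] and `rwlist = nobody` on a volume, anyone who can reach the AFP port can write to that share without credentials, so the text should point readers back to `hosts allow` in the [Global] example as the remaining control. The read-only example also sets `uam list` to only `uams_guest.so`, which replaces rather than extends the module list; the password modules (the removed afpd.conf line lists `uams_dhx.so`) need to stay in the list if authenticated logins are still wanted, and a sentence saying so would prevent people locking themselves out.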
  
{{File|name=/etc/nsswitch.conf|content=...<br> hosts: files dns mdns4 mdns<br>...}}
+
==IP Tables==
 +
If you use the [[iptables]] package for firewall services, consider adding the following: (replace {{Ic|-I}} with {{Ic|-A}} as necessary)
 +
{{hc|Bonjour/Zeroconf|iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT
 +
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT}}
 +
{{hc|AFP|iptables -I INPUT -p tcp --dport afpovertcp -j ACCEPT}}
 +
{{hc|SLP|iptables -I INPUT -p tcp --dport slp -j ACCEPT
 +
iptables -I OUTPUT -p tcp --dport slp -j ACCEPT
 +
iptables -I INPUT -p udp --dport slp -j ACCEPT
 +
iptables -I OUTPUT -p udp --dport slp -j ACCEPT}}
 +
{{hc|AppleTalk|iptables -I INPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT
 +
iptables -I OUTPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT}}
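Review bot: the SLP and AppleTalk rule sets open ports that the rest of this revision no longer uses: the rewritten intro describes netatalk as an implementation of AFP only, and the configuration section is written for netatalk 3.x with a single afp.conf that has no DDP or SLP settings. Keep the Bonjour/Zeroconf and AFP rules and either drop the other two blocks or label them as legacy, so readers of the 3.x instructions do not open unused ports.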
  
Create a new service configuration file ({{codeline|/etc/avahi/services/afpd.service}}):
+
==Enable Bonjour/Zeroconf==
 +
Bonjour/Zeroconf is now a requirement of netatalk and is compiled by default. No configuration is necessary, netatalk will register its own services using the dbus link. Make sure you set {{Ic|-mimicmodel}} to the desired string (see {{Ic|/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist}} on a Mac for a full list).
  
{{File|name=/etc/avahi/services/afpd.service|content=
+
You may need to enable and/or start {{ic|avahi-daemon.service}} [[systemd#Using units|using systemd]] if it is not running yet.
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
 
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
 
<service-group>
 
    <name replace-wildcards="yes">%h</name>
 
    <service>
 
      <type>_afpovertcp._tcp</type>
 
      <port>548</port>
 
    </service>
 
    <service>
 
      <type>_device-info._tcp</type>
 
      <port>0</port>
 
      <txt-record>model=Xserve</txt-record>
 
    </service>
 
</service-group>
 
}}
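Review bot: `-mimicmodel` in the Bonjour/Zeroconf paragraph is the old afpd.conf option spelling, while the afp.conf example earlier in the same revision uses `mimic model = TimeCapsule6,106`; use the afp.conf key here so the two sections agree. Dropping the avahi `afpd.service` XML file is consistent with the new text that netatalk registers itself, but the sentence about `avahi-daemon.service` should state that this registration only happens when avahi-daemon is running.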
 

Latest revision as of 01:36, 28 November 2016

Netatalk is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers.

Installation

Netatalk can be installed with the netatalk package from the AUR.

Configuration

Enable and/or start netatalk.service using systemd.

Besides the configuration files that are installed (and checked during upgrade), netatalk may generate two files: /etc/netatalk/afp_signature.conf or /var/state/netatalk/afp_signature.conf, which holds the system UUID, and /etc/netatalk/afp_voluuid.conf or /var/state/netatalk/afp_voluuid.conf, which holds volume UUIDs for Time Machine. These files may remain after package removal and should be kept in most cases to disambiguate the services broadcast over the local network.

Netatalk 3.x uses a single configuration file, /etc/afp.conf. See man afp.conf and the following example (make sure processes have write access to afpd.log):

/etc/afp.conf
[Global]
 mimic model = TimeCapsule6,106
 log level = default:warn
 log file = /var/log/afpd.log
 hosts allow = 192.168.1.0/16

[Homes]
 basedir regex = /home

[TimeMachine]
 path = /mnt/timemachine
 valid users = tmuser
 time machine = yes

[Shared Media]
 path = /srv/share/media
 valid users = joe sam

Warning: Avoid using symbolic links in afp.conf

Guest access

In order to allow guest read-only access to your shared folders, add the following line to the [Global] section:

/etc/afp.conf
[Global]
uam list = uams_guest.so

To allow guest read/write access, first allow read-only access as in the previous example and then add the following lines to the section of the share in question:

/etc/afp.conf
[Your Share]
path = /mnt/public/share
rwlist = nobody
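To check an afp.conf against the points that matter in the configuration and guest-access sections above (the hosts allow network, the guest UAM, rwlist = nobody on a volume, and Time Machine volumes without valid users), here is an added Python audit script. It is not part of the ArchWiki page or of netatalk; it assumes the INI layout shown on this page and only the keys used here, and the sample configuration embedded in it is constructed from the page's example plus the guest-access lines.

```python
"""Audit security-relevant settings in a netatalk 3.x afp.conf.

Added example, not part of the ArchWiki page or of netatalk itself.
Assumptions: afp.conf is INI-style with [Global], [Homes] and one
section per volume, and the keys checked are the ones shown on the
page ("hosts allow", "uam list", "valid users", "rwlist", "time machine").
"""
import configparser
import ipaddress

# Constructed sample: the page's example plus the guest-access settings.
SAMPLE_AFP_CONF = """\
[Global]
mimic model = TimeCapsule6,106
log level = default:warn
log file = /var/log/afpd.log
hosts allow = 192.168.1.0/16
uam list = uams_guest.so

[Homes]
basedir regex = /home

[TimeMachine]
path = /mnt/timemachine
valid users = tmuser
time machine = yes

[Public]
path = /mnt/public/share
rwlist = nobody
"""


def parse_afp_conf(text):
    """Parse afp.conf text into {section: {key: value}}; keys are lowercased."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return {name: dict(parser.items(name)) for name in parser.sections()}


def audit_afp_conf(text):
    """Return a list of (severity, section, message) findings."""
    conf = parse_afp_conf(text)
    findings = []
    g = conf.get("Global", {})

    # 1. Every "hosts allow" entry must be a well-formed network. A prefix
    #    with host bits set (192.168.1.0/16) is almost always a typo for
    #    the aligned /16 or for a /24, and the two differ a lot in scope.
    for entry in g.get("hosts allow", "").split():
        try:
            ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:
                aligned = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append(("error", "Global",
                                 f"hosts allow {entry!r} is not a valid network"))
            else:
                findings.append(("warn", "Global",
                                 f"hosts allow {entry!r} has host bits set; "
                                 f"did you mean {aligned} or a /24?"))
    if "hosts allow" not in g:
        findings.append(("warn", "Global",
                         "no 'hosts allow': AFP accepts any client the firewall lets through"))

    # 2. Guest UAM: unauthenticated read-only access to every volume.
    uams = g.get("uam list", "").replace(",", " ").split()
    guest = "uams_guest.so" in uams
    if guest:
        findings.append(("info", "Global",
                         "uams_guest.so enabled: unauthenticated read-only access"))

    # 3. Per-volume checks.
    for name, vol in conf.items():
        if name in ("Global", "Homes"):
            continue
        if "nobody" in vol.get("rwlist", "").split():
            if guest:
                findings.append(("warn", name, "rwlist includes nobody: guests can write"))
            else:
                findings.append(("info", name, "rwlist nobody has no effect without uams_guest.so"))
        if vol.get("time machine", "no").lower() == "yes" and not vol.get("valid users"):
            findings.append(("warn", name, "Time Machine volume without 'valid users'"))
    return findings


if __name__ == "__main__":
    for severity, section, message in audit_afp_conf(SAMPLE_AFP_CONF):
        print(f"{severity:5} [{section}] {message}")
```

Run it against a real file with `audit_afp_conf(open("/etc/afp.conf").read())`; on the constructed sample it flags the unaligned /16, notes the guest UAM, and warns that the Public volume is guest-writable.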

IP Tables

If you use the iptables package for firewall services, consider adding the following rules (replace -I with -A as necessary):

Bonjour/Zeroconf
iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT
AFP
iptables -I INPUT -p tcp --dport afpovertcp -j ACCEPT
SLP
iptables -I INPUT -p tcp --dport slp -j ACCEPT
iptables -I OUTPUT -p tcp --dport slp -j ACCEPT
iptables -I INPUT -p udp --dport slp -j ACCEPT
iptables -I OUTPUT -p udp --dport slp -j ACCEPT
AppleTalk
iptables -I INPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT
iptables -I OUTPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT
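The "replace -I with -A as necessary" remark is about rule order: -I inserts at the top of the chain and -A appends at the bottom, and iptables takes the first matching rule. The following added Python script (not from the page or from the iptables project) simulates that ordering on a constructed INPUT chain that already ends with a catch-all REJECT, then does a first-match walk for a packet to afpovertcp. It models only rule order, not real packet filtering, and it parses just the options that appear in the page's rules.

```python
"""Simulate how 'iptables -I' and 'iptables -A' order an INPUT chain.

Added example, not from the ArchWiki page or from the iptables project.
It models only the rule order produced by -I (insert at top) and -A
(append at bottom) and then walks the chain first-match; it never runs
iptables. Only the options used in the page's rules are parsed.
"""
import shlex

# Constructed existing chain: a host firewall that already allows ssh and
# ends with a catch-all REJECT. Rules are (proto, dport, target).
EXISTING_INPUT = [
    ("tcp", "ssh", "ACCEPT"),
    ("all", None, "REJECT"),
]

# The mDNS and AFP rules from the page, exactly as an admin would type them.
PAGE_RULES = [
    "iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT",
    "iptables -I INPUT -p tcp --dport afpovertcp -j ACCEPT",
]


def parse_rule(cmd):
    """Return (mode, chain, proto, dport, target) for one iptables command."""
    argv = shlex.split(cmd)
    opts = {}
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok in ("-I", "-A"):
            opts["mode"], opts["chain"] = tok, argv[i + 1]
            i += 2
        elif tok in ("-p", "--dport", "-d", "-j", "-m"):
            opts[tok] = argv[i + 1]
            i += 2
        else:
            i += 1
    return opts["mode"], opts["chain"], opts.get("-p", "all"), opts.get("--dport"), opts["-j"]


def apply_rules(chain, cmds):
    """Return a new chain after applying cmds in order (-I at top, -A at bottom)."""
    chain = list(chain)
    for cmd in cmds:
        mode, _, proto, dport, target = parse_rule(cmd)
        rule = (proto, dport, target)
        if mode == "-I":
            chain.insert(0, rule)
        else:
            chain.append(rule)
    return chain


def verdict(chain, proto, dport):
    """First-match walk: target of the first rule matching the packet."""
    for r_proto, r_dport, target in chain:
        proto_ok = r_proto in ("all", proto)
        # multiport rules carry a comma-separated list, e.g. at-rtmp,at-nbp
        port_ok = r_dport is None or dport in r_dport.split(",")
        if proto_ok and port_ok:
            return target
    return "POLICY"


if __name__ == "__main__":
    inserted = apply_rules(EXISTING_INPUT, PAGE_RULES)
    appended = apply_rules(EXISTING_INPUT, [c.replace("-I", "-A") for c in PAGE_RULES])
    print("with -I:", verdict(inserted, "tcp", "afpovertcp"))   # ACCEPT
    print("with -A:", verdict(appended, "tcp", "afpovertcp"))   # REJECT
```

With -I the AFP rule lands above the catch-all REJECT and the connection is accepted; with -A it is appended after the REJECT and never matches. On a chain that has no terminating rule, -A is the safer choice because it keeps any earlier, more specific rules ahead of the new ones.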

Enable Bonjour/Zeroconf

Bonjour/Zeroconf is now a requirement of netatalk and is compiled in by default. No configuration is necessary: netatalk registers its own services over the D-Bus link. Make sure you set -mimicmodel to the desired string (see /System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist on a Mac for a full list).

You may need to enable and/or start avahi-daemon.service using systemd if it is not running yet.