Difference between revisions of "Netatalk"

From ArchWiki
(Installation)
(Link for iptables.)
 
(11 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
[[ja:Netatalk]]
 
Netatalk is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers.
 
Netatalk is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers.
  
 
==Installation==
 
==Installation==
Netatalk v3 is availabe as {{AUR|netatalk}} in the [[AUR]].
+
Netatalk can be [[install]]ed with the {{AUR|netatalk}} package.
 
 
The older version of netatalk, v2, is distributed as {{AUR|netatalk-ddp}} and supports the Apple Macintosh network protocols, including AppleTalk (ATalk), Apple Filing Protocol (AFP), and Printer Access Protocol (PAP).
 
 
 
===Choosing Features===
 
With the deprecation of DDP (and therefore ATalk, PAP, timelord, and a2boot), netatalk also dropped these features in netatalk>=3.0. The legacy 2.x branch with DDP support is still available in the [[AUR]] as {{AUR|netatalk-ddp}}. DDP is only necessary to support Mac OS  <= 9, but OS X <= 10.3 will also benefit from the integration of SLP since it does not fully support Bonjour/Zeroconf. DDP would network older Macs which ran on AppleTalk instead of TCP/IP, and timelord and a2boot were for time-synchronization and Apple II booting. PAP may still be necessary for users with LaserWriter printers without TCP/IP support.
 
 
 
*Install {{AUR|netatalk}} if you only need the "modern" features cnid_metad and afpd, with Bonjour/Zeroconf support only.
 
*Install {{AUR|netatalk-ddp}} to build the full complement of legacy features with SLP support.
 
  
 
==Configuration==
 
==Configuration==
Enable and/or start {{ic|netatalk.service}} [[systemd#using units|using systemd]].
+
Enable and/or start {{ic|netatalk.service}} [[systemd#Using units|using systemd]].
  
 
Besides the configuration files that are installed (and checked during upgrade), netatalk may generate two files {{Ic|/etc/netatalk/afp_signature.conf}} or {{Ic|/var/state/netatalk/afp_signature.conf}} which holds the system UUID, and {{Ic|/etc/netatalk/afp_voluuid.conf}} or {{Ic|/var/state/netatalk/afp_voluuid.conf}} which holds volume UUIDs for TimeMachine. These files may remain after package removal and should be kept in most cases to disambiguate the services broadcast over the local network.
 
Besides the configuration files that are installed (and checked during upgrade), netatalk may generate two files {{Ic|/etc/netatalk/afp_signature.conf}} or {{Ic|/var/state/netatalk/afp_signature.conf}} which holds the system UUID, and {{Ic|/etc/netatalk/afp_voluuid.conf}} or {{Ic|/var/state/netatalk/afp_voluuid.conf}} which holds volume UUIDs for TimeMachine. These files may remain after package removal and should be kept in most cases to disambiguate the services broadcast over the local network.
  
===Netatalk===
+
Netatalk 3.x uses a single configuration file, {{ic|/etc/afp.conf}}. See {{ic|man afp.conf}} and the following example (make sure processes have write access to {{ic|afpd.log}}):
Netatalk 3.x uses a single configuration file, {{ic|/etc/afp.conf}}, and a single service, '''netatalk'''. Users moving from 2.x to 3.x should be aware that CNID data is no longer stored in {{ic|.AppleDB}} directories alongside the hosted data, but in {{ic|/var/state/netatalk/CNID}}. To upgrade a share, remove any {{ic|.AppleDB}} directories and rebuild with {{ic|dbd -r <path>}}.
+
{{hc|/etc/afp.conf|<nowiki>
 +
[Global]
 +
mimic model = TimeCapsule6,106
 +
log level = default:warn
 +
log file = /var/log/afpd.log
 +
hosts allow = 192.168.1.0/16
  
See {{ic|man afp.conf}} and the following example (ensuring processes have write access to afpd.log):
+
[Homes]
{{hc|/etc/afp.conf|
+
basedir regex = /home
[Global]
 
mimic model &#61; TimeCapsule6,106
 
log level &#61; default:warn
 
log file &#61; /var/log/afpd.log
 
hosts allow &#61; 192.168.1.0/16
 
  
 
[TimeMachine]
 
[TimeMachine]
path &#61; /mnt/timemachine
+
path = /mnt/timemachine
valid users &#61; tmuser
+
valid users = tmuser
time machine &#61; yes
+
time machine = yes
  
[media]
+
[Shared Media]
path &#61; /srv/share/media
+
path = /srv/share/media
valid users &#61; joe sam}}
+
valid users = joe sam
{{Warning|Avoid using symbolic links in afp.conf}}
+
</nowiki>}}
 +
{{Warning|Avoid using symbolic links in {{ic|afp.conf}}}}
 +
===Guest access===
 +
In order to allow guest '''read-only''' access to your shared folders, add following line to the {{ic|[Global]}} section:
 +
{{hc|/etc/afp.conf|<nowiki>
 +
[Global]
 +
uam list = uams_guest.so
 +
</nowiki>}}
 +
To allow guest '''read/write''' access, first, allow read-only access as in the previous example and then add following lines to a particular share section:
 +
{{hc|/etc/afp.conf|<nowiki>
 +
[Your Share]
 +
path = /mnt/public/share
 +
rwlist = nobody
 +
</nowiki>}}
  
===Netatalk-ddp===
 
====System====
 
Edit the afpd configuration file ({{Ic|/etc/netatalk/afpd.conf}}), and add a line similar to
 
{{hc|/etc/netatalk/afpd.conf|...<br>- -mimicmodel TimeCapsule6,106 -setuplog "default log_warn /var/log/afpd.log"}}
 
This tells netatalk to use the system's hostname, mimic a TimeCapsule, and log warnings and errors to file.
 
====Volumes====
 
Edit the volumes configuration file {{Ic|/etc/netatalk/AppleVolumes.default}}, and append the following to add a TimeMachine-like share
 
{{hc|/etc/netatalk/AppleVolumes.default|...<br><path_to_share> <sharename> allow:<username> options:usedots,upriv,tm}}
 
* The {{Ic|volsizelimit:<limit_in_whole_mebibytes>}} argument can be useful here to limit the total space reported to TimeMachine.
 
* If you wish to turn off "home" shares, change the {{Ic|~}} line to {{Ic|#~}}.
 
{{Warning|Avoid nesting volumes, and do not share directories by any other protocol. All file changes must be made via afpd only}}
 
 
==IP Tables==
 
==IP Tables==
If you use the iptables package for firewall services, consider adding the following: (replace {{Ic|-I}} with {{Ic|-A}} as necessary)
+
If you use the [[iptables]] package for firewall services, consider adding the following: (replace {{Ic|-I}} with {{Ic|-A}} as necessary)
 
{{hc|Bonjour/Zeroconf|iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT
 
{{hc|Bonjour/Zeroconf|iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT
 
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT}}
 
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT}}
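Review bot: In the rewritten [Global] example, "hosts allow = 192.168.1.0/16" pairs an address that looks like a single /24 subnet with a /16 prefix, so read as CIDR it admits all of 192.168.0.0 through 192.168.255.255. The value is carried over from the old revision, but since the block is being rewritten this is the place to make it either 192.168.1.0/24 or 192.168.0.0/16, whichever is meant. In the new Guest access section, "uam list = uams_guest.so" lists only the guest UAM while the main example relies on "valid users = tmuser" and "valid users = joe sam"; the text should say whether the authenticating UAMs have to be listed alongside it, and the "rwlist = nobody" step should note that write access then applies to every host that passes "hosts allow".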
Line 64: Line 59:
 
==Enable Bonjour/Zeroconf==
 
==Enable Bonjour/Zeroconf==
 
Bonjour/Zeroconf is now a requirement of netatalk and is compiled by default. No configuration is necessary, netatalk will register its own services using the dbus link. Make sure you set {{Ic|-mimicmodel}} to the desired string (see {{Ic|/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist}} on a Mac for a full list).
 
Bonjour/Zeroconf is now a requirement of netatalk and is compiled by default. No configuration is necessary, netatalk will register its own services using the dbus link. Make sure you set {{Ic|-mimicmodel}} to the desired string (see {{Ic|/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist}} on a Mac for a full list).
 +
 +
You may need to enable and/or start {{ic|avahi-daemon.service}} [[systemd#Using units|using systemd]] if it is not running yet.
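Review bot: The unchanged context line directly above the added avahi-daemon sentence still tells readers to set "-mimicmodel", which is the 2.x afpd.conf spelling from the Netatalk-ddp section this revision removes. The only configuration left on the page is the 3.x afp.conf, where the option is written "mimic model", so the sentence should use that name.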

Latest revision as of 01:36, 28 November 2016

Netatalk is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers.

Installation

Netatalk can be installed with the netatalk (AUR) package.

Configuration

Enable and/or start netatalk.service using systemd.

Besides the configuration files that are installed (and checked during upgrade), netatalk may generate two files: /etc/netatalk/afp_signature.conf or /var/state/netatalk/afp_signature.conf, which holds the system UUID, and /etc/netatalk/afp_voluuid.conf or /var/state/netatalk/afp_voluuid.conf, which holds volume UUIDs for TimeMachine. These files may remain after package removal and should be kept in most cases to disambiguate the services broadcast over the local network.

Netatalk 3.x uses a single configuration file, /etc/afp.conf. See man afp.conf and the following example (make sure processes have write access to afpd.log):

/etc/afp.conf
[Global]
 mimic model = TimeCapsule6,106
 log level = default:warn
 log file = /var/log/afpd.log
 hosts allow = 192.168.1.0/16

[Homes]
 basedir regex = /home

[TimeMachine]
 path = /mnt/timemachine
 valid users = tmuser
 time machine = yes

[Shared Media]
 path = /srv/share/media
 valid users = joe sam

Warning: Avoid using symbolic links in afp.conf.

Guest access

To allow guest read-only access to your shared folders, add the following line to the [Global] section:

/etc/afp.conf
[Global]
uam list = uams_guest.so

To allow guest read/write access, first allow read-only access as in the previous example, then add the following lines to the section of the particular share:

/etc/afp.conf
[Your Share]
path = /mnt/public/share
rwlist = nobody
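
The following audit script is an added example, not part of the wiki page or of netatalk. It parses an afp.conf and flags the exposure-related settings discussed above: the guest UAM, rwlist = nobody, shares without valid users, and hosts allow entries whose CIDR prefix has host bits set. The sample config is constructed from the snippets on this page, and the function names and the assumption that the global section is spelled exactly [Global] are illustrative.

```python
import configparser
import ipaddress
# Constructed sample: merges the [Global], guest and share snippets shown above.
SAMPLE = """\
[Global]
uam list = uams_guest.so
hosts allow = 192.168.1.0/16
[TimeMachine]
path = /mnt/timemachine
valid users = tmuser
[Your Share]
path = /mnt/public/share
rwlist = nobody
"""

def split_list(value):
    # afp.conf list values are space or comma separated
    return value.replace(",", " ").split()

def audit_afp_conf(text):
    """Return (section, finding) pairs for exposure-related settings."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    findings = []
    glob = cp["Global"] if cp.has_section("Global") else {}
    uams = split_list(glob.get("uam list", ""))
    guest = "uams_guest.so" in uams
    if guest:
        findings.append(("Global", "guest logins enabled"))
    if set(uams) == {"uams_guest.so"}:
        findings.append(("Global", "uam list names no authenticating UAM"))
    for entry in split_list(glob.get("hosts allow", "")):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(("Global", f"cannot parse hosts allow entry {entry}"))
            continue
        if "/" in entry and str(net) != entry:
            findings.append(("Global", f"{entry} has host bits set, spans {net}"))
    for name in (s for s in cp.sections() if s != "Global"):
        if "nobody" in split_list(cp[name].get("rwlist", "")):
            findings.append((name, "guest (nobody) can write"))
        elif guest and "valid users" not in cp[name]:
            findings.append((name, "readable by guest"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_afp_conf(SAMPLE):
        print(f"[{section}] {finding}")
```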

IP Tables

If you use the iptables package for firewall services, consider adding the following rules (replace -I with -A as necessary):

Bonjour/Zeroconf
iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT

AFP
iptables -I INPUT -p tcp --dport afpovertcp -j ACCEPT

SLP
iptables -I INPUT -p tcp --dport slp -j ACCEPT
iptables -I OUTPUT -p tcp --dport slp -j ACCEPT
iptables -I INPUT -p udp --dport slp -j ACCEPT
iptables -I OUTPUT -p udp --dport slp -j ACCEPT

AppleTalk
iptables -I INPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT
iptables -I OUTPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT

Enable Bonjour/Zeroconf

Bonjour/Zeroconf is now a requirement of netatalk and is compiled by default. No configuration is necessary; netatalk will register its own services using the dbus link. Make sure you set -mimicmodel to the desired string (see /System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist on a Mac for a full list).

You may need to enable and/or start avahi-daemon.service using systemd if it is not running yet.