Netatalk: Difference between revisions
TroyLiu0105 (talk | contribs) m (Add simplified chinese link) |
m (→Configuration: Use Template:man) |
||
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
[[Category:Networking]] | [[Category:Networking]] | ||
[[ja:Netatalk]] | |||
[[ru:Netatalk]] | [[ru:Netatalk]] | ||
[[zh-hans:Netatalk]] | [[zh-hans:Netatalk]] | ||
[http://netatalk.sourceforge.net/ Netatalk] is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers. | [http://netatalk.sourceforge.net/ Netatalk] is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers. | ||
Line 9: | Line 9: | ||
[[Install]] the {{AUR|netatalk}} package. | [[Install]] the {{AUR|netatalk}} package. | ||
==Configuration== | == Configuration == | ||
[[Start/enable]] {{ic|netatalk.service}}. | |||
Besides the configuration files that are installed (and checked during upgrade), netatalk may generate two files {{Ic|/etc/netatalk/afp_signature.conf}} or {{Ic|/var/state/netatalk/afp_signature.conf}} which holds the system UUID, and {{Ic|/etc/netatalk/afp_voluuid.conf}} or {{Ic|/var/state/netatalk/afp_voluuid.conf}} which holds volume UUIDs for TimeMachine. These files may remain after package removal and should be kept in most cases to disambiguate the services broadcast over the local network. | Besides the configuration files that are installed (and checked during upgrade), netatalk may generate two files {{Ic|/etc/netatalk/afp_signature.conf}} or {{Ic|/var/state/netatalk/afp_signature.conf}} which holds the system UUID, and {{Ic|/etc/netatalk/afp_voluuid.conf}} or {{Ic|/var/state/netatalk/afp_voluuid.conf}} which holds volume UUIDs for TimeMachine. These files may remain after package removal and should be kept in most cases to disambiguate the services broadcast over the local network. | ||
Netatalk 3.x uses a single configuration file, {{ic|/etc/afp.conf}}. See {{ | Netatalk 3.x uses a single configuration file, {{ic|/etc/afp.conf}}. See {{man|5|afp.conf|url=https://netatalk.sourceforge.io/3.0/htmldocs/afp.conf.5.html}} and the following example (make sure processes have write access to {{ic|afpd.log}}): | ||
{{hc|/etc/afp.conf|<nowiki> | {{hc|/etc/afp.conf|<nowiki> | ||
[Global] | [Global] | ||
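Review bot: the added `[[Start/enable]] {{ic|netatalk.service}}.` line opens the Configuration section, ahead of the paragraph that introduces {{ic|/etc/afp.conf}}, so a reader following the page in order starts the daemon before writing its configuration. Consider moving the line below the afp.conf example, or wording it as "restart {{ic|netatalk.service}} after editing".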
Line 35: | Line 36: | ||
</nowiki>}} | </nowiki>}} | ||
{{Warning|Avoid using symbolic links in {{ic|afp.conf}}}} | {{Warning|Avoid using symbolic links in {{ic|afp.conf}}}} | ||
===Guest access=== | |||
=== Guest access === | |||
In order to allow guest '''read-only''' access to your shared folders, add following line to the {{ic|[Global]}} section: | In order to allow guest '''read-only''' access to your shared folders, add following line to the {{ic|[Global]}} section: | ||
{{hc|/etc/afp.conf|<nowiki> | {{hc|/etc/afp.conf|<nowiki> | ||
Line 48: | Line 51: | ||
</nowiki>}} | </nowiki>}} | ||
== | == iptables == | ||
If you use the [[iptables]] package for firewall services, consider adding the following: (replace {{Ic|-I}} with {{Ic|-A}} as necessary) | If you use the [[iptables]] package for firewall services, consider adding the following: (replace {{Ic|-I}} with {{Ic|-A}} as necessary) | ||
{{hc|Bonjour/Zeroconf|iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT | {{hc|Bonjour/Zeroconf|iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT | ||
Line 60: | Line 64: | ||
iptables -I OUTPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT}} | iptables -I OUTPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT}} | ||
==Enable Bonjour/Zeroconf== | == Enable Bonjour/Zeroconf == | ||
Bonjour/Zeroconf is now a requirement of netatalk and is compiled by default. No configuration is necessary, netatalk will register its own services using the dbus link. Make sure you set {{Ic|-mimicmodel}} to the desired string (see {{Ic|/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist}} on a Mac for a full list). | Bonjour/Zeroconf is now a requirement of netatalk and is compiled by default. No configuration is necessary, netatalk will register its own services using the dbus link. Make sure you set {{Ic|-mimicmodel}} to the desired string (see {{Ic|/System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist}} on a Mac for a full list). | ||
You may need to enable | You may need to [[start]] and [[enable]] {{ic|avahi-daemon.service}} if it is not running yet. |
Latest revision as of 10:27, 8 August 2022
Netatalk is a free, open-source implementation of the Apple Filing Protocol (AFP). It allows Unix-like operating systems to serve as file servers for Macintosh computers.
Installation
Install the netatalk (AUR) package.
Configuration
Start/enable netatalk.service.
Besides the configuration files that are installed (and checked during upgrade), netatalk may generate two files: /etc/netatalk/afp_signature.conf or /var/state/netatalk/afp_signature.conf, which holds the system UUID, and /etc/netatalk/afp_voluuid.conf or /var/state/netatalk/afp_voluuid.conf, which holds volume UUIDs for TimeMachine. These files may remain after package removal and should be kept in most cases to disambiguate the services broadcast over the local network.
Netatalk 3.x uses a single configuration file, /etc/afp.conf. See afp.conf(5) and the following example (make sure processes have write access to afpd.log):
/etc/afp.conf
[Global]
mimic model = TimeCapsule6,106
log level = default:warn
log file = /var/log/afpd.log
# A /16 mask admits every address in 192.168.0.0-192.168.255.255; narrow it to your own LAN prefix.
hosts allow = 192.168.1.0/16

[Homes]
basedir regex = /home

[TimeMachine]
path = /mnt/timemachine
valid users = tmuser
time machine = yes

[Shared Media]
path = /srv/share/media
valid users = joe sam
Warning: Avoid using symbolic links in afp.conf
Guest access
To allow guest read-only access to your shared folders, add the following line to the [Global] section:
/etc/afp.conf
[Global]
uam list = uams_guest.so

To allow guest read/write access, first allow read-only access as in the previous example, then add the following lines to a particular share section:
/etc/afp.conf
[Your Share]
path = /mnt/public/share
rwlist = nobody
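The following audit is an added example, not part of the wiki page or of netatalk: it parses afp.conf text and reports the exposure-relevant settings shown above (guest UAM, a guest-writable share, and a hosts allow entry whose mask is wider than it looks). The function name audit_afp_conf and the sample text, assembled from the page's snippets, are assumptions made for illustration.

```python
import configparser
import ipaddress

# Constructed sample: the page's example plus both guest-access snippets.
SAMPLE = """\
[Global]
hosts allow = 192.168.1.0/16
uam list = uams_guest.so

[TimeMachine]
path = /mnt/timemachine
valid users = tmuser

[Your Share]
path = /mnt/public/share
rwlist = nobody
"""

def audit_afp_conf(text):
    """Return (section, message) findings for afp.conf contents."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    glob = cp["Global"] if cp.has_section("Global") else {}
    findings = []
    guest = "uams_guest.so" in glob.get("uam list", "").split()
    if guest:
        findings.append(("Global", "guest logins enabled via uams_guest.so"))
    allow = glob.get("hosts allow", "").replace(",", " ").split()
    if not allow:
        findings.append(("Global", "no 'hosts allow': not limited by client address"))
    for entry in allow:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # host name or other form; not checked here
        if "/" in entry and str(net) != entry:
            findings.append(("Global", f"hosts allow {entry} really means {net}"))
    for name in cp.sections():
        if name in ("Global", "Homes"):  # Homes is per-user, skipped here
            continue
        sec = cp[name]
        if "nobody" in sec.get("rwlist", "").split():
            findings.append((name, "guest (nobody) can write to " + sec.get("path", "?")))
        elif guest and "valid users" not in sec:
            findings.append((name, "no 'valid users' while guest logins are on"))
    return findings

if __name__ == "__main__":
    for section, message in audit_afp_conf(SAMPLE):
        print(f"[{section}] {message}")
```

Pass it the contents of /etc/afp.conf to audit a real host; an empty list means none of these three conditions were found.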
iptables
If you use the iptables package for firewall services, consider adding the following (replace -I with -A as necessary):
Bonjour/Zeroconf
iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT
AFP
iptables -I INPUT -p tcp --dport afpovertcp -j ACCEPT
SLP
iptables -I INPUT -p tcp --dport slp -j ACCEPT
iptables -I OUTPUT -p tcp --dport slp -j ACCEPT
iptables -I INPUT -p udp --dport slp -j ACCEPT
iptables -I OUTPUT -p udp --dport slp -j ACCEPT
AppleTalk
iptables -I INPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT
iptables -I OUTPUT -p tcp -m multiport --dport at-rtmp,at-nbp,at-echo,at-zis -j ACCEPT
Enable Bonjour/Zeroconf
Bonjour/Zeroconf is now a requirement of netatalk and is compiled by default. No configuration is necessary; netatalk will register its own services using the dbus link. Make sure you set -mimicmodel to the desired string (see /System/Library/CoreServices/CoreTypes.bundle/Contents/Info.plist on a Mac for a full list).
You may need to start and enable avahi-daemon.service if it is not running yet.