Installing Netatalk (AFP) on OpenSUSE

From RSU WiKi
This article walks through installing AFP (Apple Filing Protocol) with Time Machine support on openSUSE Linux. Once the required packages are installed and configured, the Linux system talks to Macintosh computers over the network using their native protocol, shows up in the Finder's network browser, and a Linux network volume can be attached to Time Machine without any extra configuration or "hacks" on the Mac.


Netatalk Installation Process (OpenSUSE 11.4)

Install Netatalk (AFP Services)

Add new software repository:

sudo zypper ar http://download.opensuse.org/repositories/network/openSUSE_11.4
sudo zypper ref

Install latest Netatalk package:

sudo zypper in netatalk

Configure Netatalk

Login as root:

su -
[enter root password]

Turn off unneeded Netatalk services by editing the Netatalk configuration file.

First, open Netatalk config file:

vim /etc/netatalk/netatalk.conf

Next, turn on the daemons for services you need by changing their status to “yes”.

The daemons section of your Netatalk configuration file should look like this (For AFP file sharing to work, afpd_run, and cnid_metad_run must be set to “yes”):

# Netatalk configuration

#########################################################################
# Global configuration
#########################################################################

#### machine's AFPserver/AppleTalk name.
ATALK_NAME=machinename

#### server (unix) and legacy client (<= Mac OS 9) charsets
ATALK_UNIX_CHARSET='LOCALE'
ATALK_MAC_CHARSET='MAC_ROMAN'

#### Don't Edit. export the charsets, read from ENV by apps
export ATALK_UNIX_CHARSET
export ATALK_MAC_CHARSET

#########################################################################
# AFP specific configuration
#########################################################################

#### Set which daemons to run.
#### If you use AFP file server, run both cnid_metad and afpd.
CNID_METAD_RUN=yes
AFPD_RUN=yes

#### maximum number of clients that can connect:
#AFPD_MAX_CLIENTS=20

#### UAMs (User Authentication Modules)
#### available options: uams_dhx.so, uams_dhx2.so, uams_guest.so,
####                    uams_clrtxt.so(legacy), uams_randnum.so(legacy)
#AFPD_UAMLIST="-U uams_dhx.so,uams_dhx2.so"

#### Set the id of the guest user when using uams_guest.so
#AFPD_GUEST=nobody

#### config for cnid_metad. Default log config:
#CNID_CONFIG="-l log_note"

#########################################################################
# AppleTalk specific configuration (legacy)
#########################################################################

#### Set which legacy daemons to run.
#### If you need AppleTalk, run atalkd.
#### papd, timelord and a2boot are dependent upon atalkd.
ATALKD_RUN=no
PAPD_RUN=no
TIMELORD_RUN=no
A2BOOT_RUN=no

#### Control whether the daemons are started in the background.
#### Set to "yes" if the slow start of the legacy atalkd is a nuisance.
#### When using systemd/systemctl this makes little difference.
#ATALK_BGROUND=no

#### Set the AppleTalk Zone name.
#### NOTE: if your zone has spaces in it, you're better off specifying
####       it in atalkd.conf
#ATALK_ZONE=@zone
#AFPD_OPTIONS=

Service descriptions (the variable names as they appear in the file):

ATALKD_RUN:     Enables AppleTalk (pre-OS X file sharing)
PAPD_RUN:       Enables the printer server
CNID_METAD_RUN: Enables the Catalog Node ID (CNID) database daemon (required)
AFPD_RUN:       Enables AFP file sharing (required)
TIMELORD_RUN:   Enables the network time server
A2BOOT_RUN:     Enables the Apple II netboot server

Once you’ve enabled CNID and AFPD, save and close the file.

Configure AFP

First, open AFPD config file:

vim /etc/netatalk/afpd.conf

AFP in modern versions of OS X requires SSH authentication. To add SSH, append the following line at the very bottom of the configuration file; if a variant of it already exists, replace that line with this one. It is a single line, so make sure no line breaks or carriage returns are introduced anywhere in it.

- -transall -uamlist uams_randnum.so,uams_dhx2.so -nosavepassword -advertise_ssh

When finished, the last three lines of afpd.conf should look like this:

# default:
# - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
- -transall -uamlist uams_randnum.so,uams_dhx2.so -nosavepassword -advertise_ssh

Once you’ve added the entry to enable SSH, save and close the file.
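Two of the files edited so far decide whether AFP starts at all (the daemon switches in netatalk.conf) and how clients authenticate (the -uamlist on the last active line of afpd.conf). The following script is an added example, not code from the wiki page or the Netatalk project: it reads both files and reports whether cnid_metad and afpd are enabled, lists the UAMs in force, and flags the two modules that the netatalk.conf comments above mark as legacy (uams_clrtxt.so, which sends the password in clear text, and uams_randnum.so). The sample config files it creates under a temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the wiki page or the Netatalk project): audit the two
# files edited above. netatalk.conf must run cnid_metad and afpd; afpd.conf's
# last active "-" line carries the UAM list, and netatalk.conf itself labels
# uams_clrtxt.so and uams_randnum.so as legacy, so those are flagged.
# Usage on a real system:
#   netatalk_daemons_ok /etc/netatalk/netatalk.conf && afpd_uams_ok /etc/netatalk/afpd.conf

# Return 0 when both CNID_METAD_RUN and AFPD_RUN are set to yes.
netatalk_daemons_ok() {
    conf=$1
    for var in CNID_METAD_RUN AFPD_RUN; do
        val=$(sed -n "s/^$var=//p" "$conf" | tail -n 1)
        if [ "$val" != "yes" ]; then
            echo "$var is '$val' in $conf, must be yes" >&2
            return 1
        fi
    done
    return 0
}

# Print the modules from the -uamlist option of the last non-comment "-" line
# in afpd.conf, one per line (nothing if no -uamlist is given).
afpd_uamlist() {
    grep -v '^[[:space:]]*#' "$1" | grep '^[[:space:]]*-' | tail -n 1 \
      | sed -n 's/.*-uamlist[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' | tr ',' '\n'
}

# Return 1 if the active UAM list includes a module marked legacy in netatalk.conf.
afpd_uams_ok() {
    legacy=$(afpd_uamlist "$1" | grep -E '^uams_(clrtxt|randnum)\.so$' || true)
    if [ -n "$legacy" ]; then
        echo "$1: legacy UAM(s) enabled: $(printf '%s' "$legacy" | tr '\n' ' ')" >&2
        return 1
    fi
    return 0
}

# Constructed sample files (not copies of a real system) to exercise the checks.
tmp=$(mktemp -d)
cat > "$tmp/netatalk.conf" <<'EOF'
ATALK_NAME=machinename
CNID_METAD_RUN=yes
AFPD_RUN=yes
ATALKD_RUN=no
EOF
cat > "$tmp/afpd.conf" <<'EOF'
# default:
# - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
- -transall -uamlist uams_randnum.so,uams_dhx2.so -nosavepassword -advertise_ssh
EOF
# The same line with only uams_dhx2.so, which netatalk.conf does not mark legacy.
cat > "$tmp/afpd-dhx2.conf" <<'EOF'
- -transall -uamlist uams_dhx2.so -nosavepassword -advertise_ssh
EOF

netatalk_daemons_ok "$tmp/netatalk.conf" && echo "netatalk.conf: daemons ok"
afpd_uams_ok "$tmp/afpd.conf" || echo "afpd.conf: review the UAM list"
afpd_uams_ok "$tmp/afpd-dhx2.conf" && echo "afpd-dhx2.conf: ok"
```

Run it against the real files by calling netatalk_daemons_ok and afpd_uams_ok with the paths under /etc/netatalk; a non-zero exit from either means the relevant line needs another look before you restart the service.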

Configure AFP Volumes

The volumes you want to share via AFP need to be entered in the AppleVolumes.default configuration file. Some day it would be great if there were a way to handle this via GUI, but for now editing the configuration file is the only way to accomplish this.

First, open the AppleVolumes.default config file:

vim /etc/netatalk/AppleVolumes.default

AFP Volumes are created at the very bottom of the config file using this format:

/path/to/fileshare ShareName allow:user1,user2 cnidscheme:dbd options:usedots,upriv

Where:

/path/to/fileshare = The path to the directory you need to share via AFP.

The path needs to be absolute and will usually look something like:

/media/VolumeName/path/to/fileshare

A good way to find out what your path begins with is to go to Computer > More Applications > Disk Utility, then highlight the volume you want to share in the Storage Devices pane. To share the entire volume, simply use the path shown in the “Mount Point” field under Volumes. To share a more specific folder, append the path to that folder to what is listed in Mount Point. If there is nothing listed under Mount Point, make sure the volume is formatted (as Ext3, Ext4, etc) and mounted. Linux volumes do not mount automatically, unless you have added auto-mount entries for them in /etc/fstab (single disks and hardware RAID volumes) or the mdadm.conf file (software RAID “MD” volumes).

ShareName = The custom name you want to present the file share as over your network.

allow:user1,user2 = The names of users you want to allow access to the share. Do not include any spaces between names. If you omit this entry completely, any user or group will be able to access the share.

  • For individual users: enter the user’s short name, e.g. administrator
  • For groups: prefix the group’s short name with “@”, e.g. @graphicsdept

cnidscheme:dbd (or cnidscheme:cdb) = The CNID database backend AFP uses to track file IDs on the share.

There are two types of CNID Schemes:

  • cdb: or “concurrent database”. With this method, several afpd daemons access the CNID database directly. The primary drawback is, that the crash of a single afpd process might corrupt the database.
  • dbd: Access to the CNID database is restricted to a single cnid_dbd daemon process. afpd processes communicate only with that daemon for database reads and updates, which brings the probability of database corruption close to zero. Since one database process is spawned per volume, you are probably better off using cdb when serving a large number of users.

dbd is the default backend starting with Netatalk 2.1.

Options:

  • usedots = Lets the resource-fork files used by Apple HFS+ file systems be correctly interpreted and stored as invisible files. If this option is omitted, the normally invisible resource files beginning with “._” are misinterpreted as Linux “:2e” files, which renders them unusable.
  • upriv = (…Unix Privileges) Allows support for AFP3 Unix privileges used in OS X 10.5 and up. This is beneficial, but must be omitted if you have any OS X 10.4 Tiger or earlier clients connecting via AFP to the file share.

Example AFP Volume Entry

If you wanted to share a folder called “graphics” on a volume called “InternalRAID”, presented over the network as “Graphics”, and allow the “administrator” user and the “graphicsdept” group to access it, the entry would follow the format given above. The entries below follow the same pattern: each user's home directory is exported under their own user name ($u), a TimeMachine volume carries the tm option and a volsizelimit, and the remaining media shares are restricted to linuxusername and the groupname group:

~/ "$u" allow:foboss,vlad cnidscheme:dbd
/storage/TimeMachine  TimeMachine   allow:linuxusername,@groupname cnidscheme:dbd volsizelimit:500000 options:tm,usedots,upriv
/storage/share        Share         allow:linuxusername,@groupname cnidscheme:dbd options:usedots,upriv
/storage/music        Music         allow:linuxusername,@groupname cnidscheme:dbd options:usedots,upriv
/storage/pictures     Pictures      allow:linuxusername,@groupname cnidscheme:dbd options:usedots,upriv
/storage/video        Video         allow:linuxusername,@groupname cnidscheme:dbd options:usedots,upriv
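Mistakes in AppleVolumes.default only show up when a client connects, so it pays to check the file before restarting. The script below is an added example, not code from the wiki page or the Netatalk project: a small linter for entries in the format described above. It flags a share path that is not absolute (home shares written with ~ are the exception), an entry with no allow: field, which as noted above lets any user or group reach the share, and cnidscheme:cdb, which produces the "Cannot find module named [cdb]" error covered under Troubleshooting below. The sample file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the wiki page or the Netatalk project): lint the
# entries of an AppleVolumes.default file in the format described above.
# Usage on a real system: lint_volumes_file /etc/netatalk/AppleVolumes.default

# Check one entry line. Prints one finding per line; returns 1 if any.
lint_volume_line() {
    line=$1
    rc=0
    path=$(printf '%s\n' "$line" | awk '{print $1}')
    # The share path must be absolute; ~ and ~/ home shares are the exception.
    case "$path" in
        /*|"~"|"~/"*) ;;
        *) echo "relative path: $path"; rc=1 ;;
    esac
    # Without allow: any user or group can reach the share.
    case " $line " in
        *[[:space:]]allow:*) ;;
        *) echo "no allow: on $path (any user or group can connect)"; rc=1 ;;
    esac
    # cdb is not available as a CNID backend here; dbd is the default since 2.1.
    case " $line " in
        *[[:space:]]cnidscheme:cdb*) echo "cnidscheme:cdb on $path, use cnidscheme:dbd"; rc=1 ;;
    esac
    return $rc
}

# Check a whole file, skipping blank and comment lines; returns 1 on any finding.
lint_volumes_file() {
    status=0
    while IFS= read -r entry; do
        case "$entry" in ''|'#'*) continue ;; esac
        lint_volume_line "$entry" || status=1
    done < "$1"
    return $status
}

# Number of findings for a file, for scripting.
lint_volumes_count() {
    lint_volumes_file "$1" | wc -l | tr -d ' '
}

# Constructed sample (not a real AppleVolumes.default): two good entries,
# one without allow:, one with a relative path and the cdb backend.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
~/                    "$u"          allow:foboss,vlad cnidscheme:dbd
/storage/TimeMachine  TimeMachine   allow:linuxusername,@groupname cnidscheme:dbd volsizelimit:500000 options:tm,usedots,upriv
/storage/share        Share         cnidscheme:dbd options:usedots,upriv
storage/music         Music         allow:linuxusername cnidscheme:cdb options:usedots,upriv
EOF

lint_volumes_file "$sample" || echo "findings: $(lint_volumes_count "$sample")"
```

On the sample the linter reports three findings: the Share entry has no allow:, and the Music entry has both a relative path and the cdb backend. A clean file exits 0, so the call can sit in front of the service restart in a deployment script.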

Restart Netatalk:

rcnetatalk restart

Check Netatalk Status

rcnetatalk status

Once Netatalk is restarted, the share will be available over the network. To connect to it from your Mac’s Finder, use Go > Connect to Server, type in “afp://(server ip address or hostname)” and click Connect. Assuming your file share and network connection are configured correctly, the share points you created in AppleVolumes.default will appear after you enter your user name and password for the server. If you would like to be able to “browse” to your file share in Finder or Connect to Server, you’ll need to enable broadcasting on your server.

Do not forget to add netatalk to init.d:

insserv netatalk

Enabling Bonjour-style broadcasting of the fileshare using Avahi

Avahi is the open-source equivalent of Bonjour and by installing it you’ll be able to broadcast the presence of your AFP file share over the network. This will allow AFP to show up as an available server in your Finder sidebar or via the Browse button in Connect to Server.

Install Avahi (if not included in base install already)

Via the Add/Remove Software Manager:

Go to Computer > Install/Remove Software

  • Search for “avahi”
  • Highlight the Avahi package, Right-Click > Install. Click Apply.
  • Agree to any additional packages that need to be installed.
  • Agree to user agreement.
  • Click Apply.

Turn on MDNS

Open the nsswitch.conf file:

vim /etc/nsswitch.conf

Add “mdns” to the end of the “hosts:” line so that it looks like this:

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns

Once you’ve added the entry to enable MDNS, save and close the file.

Configure Avahi

Open the afpd.service file:

vim /etc/avahi/services/afpd.service

This will open a blank document. Paste in the following text and save. Make sure the text is pasted starting at the very top-left. If there are any lines or spaces before “<?xml..” the xml configuration data will not be read correctly by the service.

<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_afpovertcp._tcp</type>
    <port>548</port>
  </service>
  <service>
    <type>_device-info._tcp</type>
    <port>0</port>
    <txt-record>model=Xserve</txt-record>
  </service>
</service-group>

You can change the representative icon that appears in the Finder sidebar by changing “Xserve” in <txt-record>model=Xserve</txt-record> to one of the following:

  • MacPro
  • MacBookPro
  • MacBookAir
  • MacBook
  • MacMini
  • PowerMac
  • PowerBook
  • iMac
  • AppleTV1,1
  • Airport

Additionally, you can have Avahi advertise other services running on the server, so that they show up on your Macs as well.

rfb.service advertises screen sharing, so it can be used without a separate client such as chickenvnc:

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_rfb._tcp</type>
    <port>5901</port>
  </service>
</service-group>

Save the file and restart Avahi

rcavahi-daemon restart

And you’re done. Your AFP file share should now be available to other Macs on your network, shown as an icon representing your server in the sidebar of the Finder window.

Do not forget to add Avahi to init.d:

insserv avahi-daemon

Troubleshooting

nbp_rgstr: Connection timed out

Apparently because I have VMware server installed, I had to add

eth0

to /etc/netatalk/atalkd.conf

Cannot find module named [cdb] in registered module list!

After coming back from holiday where I made lots of photos and videos, I needed the possibility to import all those from SD cards to my fileserver running Debian unstable. To import the photos I used Digikam on Linux, that was no problem. But for the videos I needed iMovie and/or FinalCut Express on my Mac. I've looked into Kino and Cinelerra, but those Linux apps are awful.

The problem was that iMovie is able to directly import from our Panasonic HD camcorder to the network storage. I was always forced to first import the footage to the drive in my MacBook Pro and then copy it to the Linux box onto a Samba share. The solution for that problem is to use netatalk/AFP. The Linux box appears as a Mac Xserve then.

However, I quickly found some HowTos for configuring netatalk. One HowTo is from Mike Hughes and the other one can be found on disgruntled-dutch.com. If you follow these two HowTos you're quite close to having a working AFP service to interact with your Mac via Bonjour/Avahi.

There are mainly two problems when you follow them. First, Mike Hughes has some illegal chars in his sample /etc/avahi/services/afpd.service file:

<!DOCTYPE service-group SYSTEM “avahi-service.dtd”>
<service-group>
<name replace-wildcards=”yes”>%h</name>

The quotation marks are the problem. Instead of ” you'll need normal " quotation marks. Or you can use the file on disgruntled-dutch.com.

The next problem is the configuration of the shares. On both sites the examples are using cdb as CNID backend:

~/                      "Home Directory"        cnidscheme:cdb options:usedots,upriv

But this will give the following error:

Aug  3 23:30:29 muaddib afpd[8151]: Can't open volume "/home/ij" CNID backend "cdb"
Aug  3 23:31:26 muaddib afpd[8151]: Cannot find module named [cdb] in registered module list!

The solution can be found on forum.ubuntuusers.de (German): you'll need to change the cdb to dbd. So, the Home Directory share will look like this then:

~/                      "Home Directory"        cnidscheme:dbd options:usedots,upriv

Quite simple and easy. Now restart your avahi-daemon and netatalk services and have fun! When you want to use a share on your Linux server for TimeMachine backups, you'll need to add a "tm" to the options of your share.

Mac OSX Lion and AFP shares

Like most Apple Mac users this week, I updated from 10.6 Snow Leopard to 10.7 Lion of Apple's operating system. Everything seemed to go fine, I noticed a few little quirks, but the one that gave me the biggest “Oh no, can I go back!?” was when I tried mounting my AFP share on my FreeNAS server.

iMac:~ kristijan$ mount_afp -i afp://kristijan@nas/Media ./Media/
Password: 
mount_afp: AFPMountURL returned error -5002, errno is -5002

Those who use the “Connect to server…” option from Finder would have come across the following pop-up error message: “The version of the server you are trying to connect to is not supported. Please contact your system administrator to resolve the problem.”

So after some searching around, I found out that OSX Lion no longer supports AFP (and SMB/CIFS) servers which use the DHCAST128 authentication method. Apple flagged this as a security risk and outright disabled it in Lion. Now I could have just scrapped AFP altogether and started using NFS shares, but AFP just works a hell of a lot better with OSX clients.

Some more searching found this page[1], and a solution to my problem. Full credits to this solution go to Alexander Wilde.

Follow the steps below to enable DHCAST128 under Mac OSX Lion.

Launch Terminal.app (/Applications/Utilities/Terminal.app) and run the following two commands.

iMac:~ kristijan$ sudo chmod o+w /Library/Preferences
Password:
iMac:~ kristijan$ defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1

Now restart your computer.

Launch Terminal.app or Finder and attempt to mount the AFP share again. This will fail, but what it will do is recreate the full preferences file.

iMac:~ kristijan$ mount_afp -i afp://kristijan@nas/Media ./Media/
Password: 
mount_afp: AFPMountURL returned error -5002, errno is -5002

Now run the following two commands.

iMac:~ kristijan$ sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange"
Password:
iMac:~ kristijan$ sudo chmod o-w /Library/Preferences

Restart your computer and mount the AFP share again, it should now work.

Notes

  1. http://www.alexanderwilde.com/2011/04/os-x-lion-connection-error-with-afp-and-workaround
