17.2. Netatalk

With Netatalk, obtain a high-performance file and print server for MacOS clients. With it, access data on a Linux machine from a Macintosh or print to a connected printer. Netatalk is a suite of Unix programs that run on kernel-based DDP (Datagram Delivery Protocol) and implement the AppleTalk protocol family (ADSP, ATP, ASP, RTMP, NBP, ZIP, AEP, and PAP).

AppleTalk is, in effect, an equivalent to the more familiar protocol TCP (Transmission Control Protocol). It has counterparts to many TCP/IP-based services, including services for resolving host names and time synchronization. For example, the command aecho (AEP, AppleTalk Echo Protocol) is used instead of ping (ICMP ECHO_REQUEST, Internet Control Message Protocol).

The three daemons described below are normally started on the server:

Server directories can be exported with Netatalk at the same time as with Samba for Windows clients (see Section 17.1.1.2. “Clients”) and via NFS (see Section 14.9. “NFS — Shared File Systems”), which is very useful in heterogeneous network environments. This centralizes the management of data backup and user permissions on the Linux server.

There are a number of limitations when working with Netatalk:

17.2.1. Configuring the File Server

In the default configuration, Netatalk is already fully functional as a file server for home directories of the Linux system. To use the extended features, define some settings in the configuration files. These are located in the /etc/netatalk directory.

All configuration files are pure text files. Text that follows a hash mark # (comments) and empty lines can be disregarded. The various services (printing, Appletalk broadcast, Appletalk via TCP/IP, time server) can be activated through the file /etc/netatalk/netatalk.conf:

ATALKD_RUN=yes
PAPD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no

17.2.1.1. Configuring the Network — atalkd.conf

Define, in /etc/netatalk/atalkd.conf, over which interfaces services are provided. This is usually eth0. In the example file that comes with Netatalk, this is the case. Enter additional interfaces to use several network cards at the same time. When the server is started, it searches the network for existing zones and servers and modifies the corresponding lines by entering the set AppleTalk network addresses. You will then find a line such as

eth0 -phase 2 -net 0-65534 -addr 65280.57

at the end of the file. For more complex configurations, refer to examples in the configuration file. Find documentation about additional options in the manual page of afpd.

17.2.1.2. Defining File Servers — afpd.conf

The afpd.conf file contains definitions for how your file server appears on MacOS machines as an item under the Chooser dialog. As is the case with the other configuration files, these also contain detailed comments explaining the wide variety of options.

If you do not change anything here, the default server is simply started and displayed with the host name in the Chooser. Therefore, you do not necessarily need to enter anything. However, you can give additional file servers a variety of names and options here, for example, to provide a specific guest server on which everybody can save files as “guest”.

"Guest server" -uamlist uams_guest.so 

Define a server that denies guests access, but which is only accessible for users who already exist in the Linux system with:

"Font server" -uamlist uams_clrtxt.so,uams_dhx.so

This behavior is controlled by the option uamlist followed by a list of authentication modules to use separated by commas. If you do not provide this option, all procedures are active by default.

An AppleShare server not only provides its services by default via AppleTalk, but also via TCP/IP (encapsulated). The default port is 548. Assign dedicated ports to additional AppleShare servers (on the same machine) if these should also run via TCP. The availability of the service via TCP/IP enables access to the server even over non-AppleTalk networks, such as the Internet. In this case, the syntax would read:

"Font server" -uamlist uams_clrtxt.so,uams_dhx.so -port 12000

The AppleShare server, set to the port 12000, then appears in the network with the name Font server and does not allow guest access. In this way, it is also accessible via TCP/IP routers.

The file AppleVolumes.default (described in detail below) defines which directories located on the server are made available by each AppleShare server as network volumes. By using the -defaultvol option for a given AppleShare server, specify another file that defines different directories. The corresponding command (read as one line) is:

"Guest server" -uamlist uams_guest.so -defaultvol 
/etc/netatalk/AppleVolumes.guest

Further options are explained in the afpd.conf file itself.

17.2.1.3. Directories and Access Permissions — AppleVolumes.default

Here, define directories to export. The access permissions are defined with the customary Unix user and group permissions. This is configured in the AppleVolumes.default file. Along with AppleVolumes.default, additional files can be created, such as AppleVolumes.guest, used by some servers (by giving the option -defaultvol in the afpd.conf file. See the previous section).

[Important]Important

Here, the syntax has partially changed. Take this into consideration if you are updating this version from a previous one. For example, it is now allow: instead of access= (a typical symptom would be if, instead of the drive descriptions, you were to see a display of the drive options on the Mac clients in the Chooser). Because the new files are created with the .rpmnew endings during an update, it is possible that your previous settings may no longer function as a result of the modified syntax. Create backups of your configuration files, copy your old configuration into the new files, then rename these files to the proper names. This way, benefit from the current comments contained in the configuration files, which provide a detailed explanation of the options.

The example shown here:

/usr/local/psfonts "PostScript Fonts"
   

indicates that the Linux directory /usr/local/psfonts, located in the root directory, is available as an AppleShare volume with the name “PostScript Fonts”.

Options are separated by a space and attached to the end of a line. A very useful option is the access restriction:

/usr/local/psfonts "PostScript Fonts" allow:User1,@group0

This restricts access to the volume “PostScript Fonts” to the user “User1” and all members of the group “group0”. The users and groups entered here must be known to the Linux system. Likewise, explicitly deny users access with deny:User2. These restrictions only apply to access via AppleTalk and not to the normal access rights users have if they can log in to the server itself.

Netatalk maps the customary Resource Fork of MacOS files to .AppleDouble directories in the Linux file system. Using the noadouble option, set these directories to be created only when they are actually needed. The syntax is:

/usr/local/guests "Guests" options:noadouble

Additional options and features can be found in the explanations included in the file itself.

The tilde (~) in this configuration file stands for the home directory for each and every user on the server. This way, every user can easily access his home directory without each one being defined explicitly here. The example file installed already includes a tilde, which is why Netatalk makes the home directory available by default as long as you do not modify anything in this file.

afpd also searches for a file Applevolumes or .Applevolumes in the home directory of a user logged in to the system. Entries in this file supplement the entries in the server files AppleVolumes.system and AppleVolumes.default to enable individual type and creator file settings and to access specific directories. These entries are extensions and do not allow access for the user for whom access permission is denied from the server side.

The netatalk.pamd file is used, via PAM (pluggable authentication modules), for authentication purposes. Using PAM is, however, irrelevant in this context.

17.2.1.4. File Specifications — AppleVolumes.system

In the AppleVolumes.System file, define which customary MacOS type and creator specifications are assigned to certain file endings. An entire series of default values are already predefined. If a file is displayed by a generic white icon, there is not yet an entry for it in this file. If you encounter a problem with a text file belonging to another system, which cannot be opened properly in MacOS or vice versa, check the entries there.

17.2.2. Configuring the Print Server

Make a laserwriter service available by configuring the papd.conf file. The printer must be already functioning locally with lpd, so configure a printer as described in Chapter 5. Printer Operation. If you can print a text file locally using the command lpr file.txt, the first step has been successfully completed.

You do not necessarily need to enter anything in papd.conf if a local printer is configured in Linux, because print jobs can simply be forwarded to the print daemon lpd without additional settings. The printer registers itself in the AppleTalk network as Laserwriter. You can, however, extend your printer entries as follows:

Printer_Reception:pr=lp:pd=/etc/netatalk/kyocera.ppd

This causes the printer named Printer_Reception to appear as a Chooser item. The corresponding printer description file is usually provided by the vendor. Otherwise, refer to the file Laserwriter located in the System Extensions folder. However, when using this file you often cannot use all of the printer's features.

17.2.3. Starting the Server

The server can be started at system boot time via its init script or manually with rcatalk start. The init script is located at /etc/init.d/netatalk. The actual starting of the server takes place in the background. It takes about a minute until the AppleTalk interfaces are set up and responsive. Check for the status as shown in the following (all servers are running if OK is reported three times):

rcatalk status
   
Checking for service atalk:OKOKOK
  

From a Mac running MacOS, check for AppleTalk activation, choose Filesharing, then double-click AppleShare. The names of the servers should then appear in the window. Double-click a server and log in. It should then be possible to access a shared volume.

The procedure is a bit different for AppleShare servers configured to use TCP only (and no DDP). To connect, press Server IP address and enter the respective IP address. If necessary, append the port number, separated by a colon (:).

17.2.4. Additional Information

To take full advantage of all the options Netatalk offers, read the corresponding manual pages. Find them by entering the command rpm -qd netatalk. The /etc/netatalk/netatalk.conf file is not used in our Netatalkversion, so disregard it. Helpful URLs: