====== netatalk ======
  * [[Avahi]]
  * [[Multicast DNS]]
  * [[Network Fileshares]]
  * [[OS X]]
  * [[Samba]]
  * [[http://netatalk.sourceforge.net/wiki/index.php/Main_Page|Netatalk wiki]]
  * [[http://netatalk.sourceforge.net/3.0/htmldocs/afp.conf.5.html|afp.conf man page]]
  * [[https://developer.apple.com/library/mac/documentation/Networking/Conceptual/AFP/Introduction/Introduction.html|Apple Filing Protocol Programming Guide]]
  * [[http://news.gmane.org/gmane.network.netatalk.user|netatalk.user mailing list]]
netatalk provides AFP network file sharing on Linux.
==== Configuration ====
Like Samba, netatalk appears to apply configuration changes without a restart.
=== Global Configuration ===
The global configuration defaults work fine. Here are some settings you may want to change, shown with their defaults:
  [Global]
  zeroconf = yes
  log file = /var/log/netatalk.log
  log level = info
=== Volume Configuration ===
Volumes are added in ''afp.conf'' with section headers.
  [afp-share]
  path = /var/afp/share
To add valid or invalid users, separate them with a space or comma. Groups have a prefix of @.
  valid users = user-one @afp-users
  invalid users = user-two
Netatalk will use filesystem extended attributes by default to store information about the files.
  appledouble = ea
== Volume Permissions ==
Permissions are a little tricky, both in how they are set and in how they seem to work. Here's how to set up a volume share where all files and directories are owned by one group, so that users in this group can read and write.
First, set the setgid bit (the group "sticky" bit) on the parent directory (or on all the directories if you are using an existing set of directories):
  chmod g+s /var/afp/share
Also set the correct group write permissions:
  chmod 2775 /var/afp/share
Next, add this to the ''afp.conf'' entry for the volume:
  valid users = @afp-users
  file perm = 0660
  directory perm = 0770
The permissions set here in the configuration file and the ones you'll see on the filesystem from Linux may look different. For example, the directory may be set to 2775 and the file to 0664. That is fine: the users in the group will still be able to write to it.
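When the share is built from an existing set of directories, it helps to find the ones that still lack the setgid bit or group write access. The following audit is an added example, not part of the original page; the function names and the constructed demo tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a share tree against the permission scheme above.

audit_share() {
    share=$1
    # Directories without setgid: files created there keep the creator's
    # own group instead of the share's group.
    find "$share" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;
    # Files or directories the share's group cannot write to.
    find "$share" \( -type f -o -type d \) ! -perm -0020 \
        -exec printf 'no-group-write %s\n' {} \;
}

count_findings() {
    audit_share "$1" | wc -l | tr -d ' '
}

# Constructed sample tree (not real data): one compliant directory, one
# directory that lost setgid, one file without group write.
demo_tree() {
    d=$(mktemp -d)
    chmod 2775 "$d"
    mkdir "$d/ok" "$d/legacy"
    chmod 2770 "$d/ok"
    chmod 0775 "$d/legacy"; chmod g-s "$d/legacy"
    : > "$d/report.txt"; chmod 0640 "$d/report.txt"
    echo "$d"
}

tree=$(demo_tree)
audit_share "$tree"
rm -rf "$tree"
```

Run ''audit_share /var/afp/share'' against the real volume; an empty result means every directory carries setgid and every entry is group-writable.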
=== Connecting to a share ===
When connecting to a share from Finder, netatalk will allow you to send the UNIX display name ('User One') or the UNIX username ('userone').
If there is only one share, Finder will automatically connect to that one.
If there are multiple volumes, Finder will only display the ones that the user has permissions to access -- either read write or read only.
=== Reload Configuration ===
Making changes to the ''afp.conf'' file and exiting will reload the AFPD process. Optionally, send the ''SIGHUP'' signal via kill:
  pkill --signal SIGHUP afpd
=== Logs ===
See [[logrotate]] for settings for netatalk. The ''copyrotate'' setting needs to be used.
==== Kernel Configuration ====
For avahi to work properly, turn on IP Multicasting (''CONFIG_IP_MULTICAST'').
==== Firewall ====
AppleTalk runs on port 548 over TCP.
Avahi needs to multicast on UDP port 5353 to 224.0.0.251.
  # AppleTalk
  $iptables -A INPUT -p tcp --dport 548 -j ACCEPT
  # Multicast DNS / Avahi
  $iptables -A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
  $iptables -A OUTPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
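The INPUT rule for port 548 above has no source match, so it accepts connections from any address. As an added example (not from the original page), this check reads ''iptables -S INPUT'' output and flags AFP accept rules with no source restriction; the sample rules and the 192.168.12.0/24 subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag INPUT rules that accept AFP (TCP 548) from any source.
# Feed it the output of `iptables -S INPUT` on stdin.

audit_afp_rules() {
    # Prints each unrestricted rule; exit status is 1 if any were found.
    awk '
        $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /--dport 548( |$)/ && /-j ACCEPT/ {
            restricted = 0
            for (i = 3; i < NF; i++) {
                # A negated match ("! -s net") is an exclusion, not an allow-list.
                if (($i == "-s" || $i == "--source") && $(i - 1) != "!" && $(i + 1) != "0.0.0.0/0")
                    restricted = 1
            }
            if (!restricted) { print "unrestricted: " $0; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample in `iptables -S` format (not captured from a real host).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 548 -j ACCEPT
-A INPUT -s 192.168.12.0/24 -p tcp -m tcp --dport 548 -j ACCEPT
-A INPUT -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | audit_afp_rules || true
```

On a live host, run ''iptables -S INPUT | audit_afp_rules''; adding ''-s'' with the LAN subnet to the port 548 rule clears the finding.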
==== Special Files ====
=== .DS_Store ===
  * [[https://en.wikipedia.org/wiki/.DS_Store|Wikipedia entry]]
  * [[http://support.apple.com/kb/HT1629|Apple Support]] - how to disable .DS_Store on network shares
The ''.DS_Store'' file is created by Finder in every directory that it encounters. It stores metadata for Finder about how to display files: order, icon, etc. These files can be safely removed.
You can stop OS X from creating them on remote network shares by running this command:
  defaults write com.apple.desktopservices DSDontWriteNetworkStores true
You will then need to either log out and back in or restart the OS X computer before the changes take effect.
=== .TemporaryItems ===
This directory is created with permissions 3777 when a user unpacks a ZIP archive onto the network share. It is not deleted when the accompanying archive file is removed.
==== Notes ====
== Samba ==
If running Samba alongside netatalk, the hostnames need to be different for Samba. Otherwise, you will see ''HOSTNAME'' in caps in Mac OS X's network shares, which replaces the AppleShare connection.
== Display connected users ==
  macusers
=== Server Information ===
Run ''asip-status.pl localhost'' to display what the AFPD supports:
  AFP reply from localhost:548
  Flags: 1 Cmd: 3 ID: 57005
  Reply: DSIGetStatus
  Request ID: 57005
  Machine type: Netatalk3.0.5
  AFP versions: AFP2.2,AFPX03,AFP3.1,AFP3.2,AFP3.3
  UAMs: DHX2,DHCAST128
  Volume Icon & Mask: Yes
  Flags:
      SupportsCopyFile
      SupportsServerMessages
      SupportsServerSignature
      SupportsTCP/IP
      SupportsSrvrNotifications
      SupportsOpenDirectory
      SupportsUTF8Servername
      SupportsUUIDs
      SupportsExtSleep
      SupportsSuperClient
  Server name: nas
  Signature:
  2b cb 04 4b 00 15 38 ab 75 15 fb 52 a3 23 ca 5f +..K..8.u..R.#._
  Network address: 192.168.12.22 (TCP/IP address)
  UTF8 Servername: nas