Differences
This shows you the differences between two versions of the page.
— | netatalk [2015/06/02 00:12] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== netatalk ====== | ||
+ | * [[Avahi]] | ||
+ | * [[Multicast DNS]] | ||
+ | * [[Network Fileshares]] | ||
+ | * [[OS X]] | ||
+ | * [[Samba]] | ||
+ | |||
+ | * [[http:// | ||
+ | * [[http:// | ||
+ | * [[https:// | ||
+ | * [[http:// | ||
+ | |||
+ | netatalk provides AFP network file sharing on Linux. | ||
+ | |||
+ | ==== Configuration ==== | ||
+ | |||
+ | Like Samba, netatalk appears to apply configuration changes without a restart. | ||
+ | |||
+ | === Global Configuration === | ||
+ | |||
+ | The global configuration defaults work fine. Here's some things you may want to change, with their defaults: | ||
+ | |||
+ | < | ||
+ | [Global] | ||
+ | zeroconf = yes | ||
+ | log file = / | ||
+ | log level = info | ||
+ | </ | ||
+ | |||
+ | === Volume Configuration === | ||
+ | |||
+ | Volumes are added in '' | ||
+ | |||
+ | < | ||
+ | [afp-share] | ||
+ | path = / | ||
+ | </ | ||
+ | |||
+ | To add valid or invalid users, seperate with a space or comma. | ||
+ | |||
+ | < | ||
+ | valid users = user-one @afp-users | ||
+ | invalid users = user-two | ||
+ | </ | ||
+ | |||
+ | Netatalk will use filesystem extended attributes by default to store information about the files. | ||
+ | |||
+ | < | ||
+ | appledouble = ea | ||
+ | </ | ||
+ | |||
+ | == Volume Permissions == | ||
+ | |||
+ | Permissions are a little tricky, in how they are set and how they seem to be working. | ||
+ | |||
+ | First, set the group sticky bit on the parent directory (or on all the directories if you are using an existing set of directories): | ||
+ | |||
+ | < | ||
+ | chmod g+s / | ||
+ | </ | ||
+ | |||
+ | Also set the correct group write permissions: | ||
+ | |||
+ | < | ||
+ | chmod 2775 / | ||
+ | </ | ||
+ | |||
+ | Next, add this to the '' | ||
+ | |||
+ | < | ||
+ | valid users = @afp-users | ||
+ | file perm = 0660 | ||
+ | directory perm = 0770 | ||
+ | </ | ||
+ | |||
+ | Now, the permissions set here in the configuration file, and the ones you'll see on the filesystem from Linux look different. | ||
+ | |||
+ | === Connecting to a share === | ||
+ | |||
+ | When connecting to a share from Finder, netatalk will allow you to send the UNIX display name ('User One') or the UNIX username (' | ||
+ | |||
+ | If there is only one share, Finder will automatically connect to that one. | ||
+ | |||
+ | If there are multiple volumes, Finder will only display the ones that the user has permissions to access -- either read write or read only. | ||
+ | |||
+ | === Reload Configuration === | ||
+ | |||
+ | Making changes to the '' | ||
+ | |||
+ | < | ||
+ | pkill --signal SIGHUP afpd | ||
+ | </ | ||
+ | |||
+ | === Logs === | ||
+ | |||
+ | See [[logrotate]] for settings for netatalk. | ||
+ | ==== Kernel Configuration ==== | ||
+ | |||
+ | For avahi to work properly, turn on IP Multicasting (CONFIG_IP_MULTICAST) | ||
+ | |||
+ | ==== Firewall ==== | ||
+ | |||
+ | AppleTalk runs on port 548 over TCP. | ||
+ | |||
+ | Avahi needs to multicast on UDP port 5353 to 224.0.0.251 | ||
+ | |||
+ | < | ||
+ | # AppleTalk | ||
+ | $iptables -A INPUT -p tcp --dport 548 -j ACCEPT | ||
+ | # Multicast DNS / Avahi | ||
+ | $iptables -A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT | ||
+ | $iptables -A OUTPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT | ||
+ | </ | ||
+ | |||
+ | ==== Special Files ==== | ||
+ | |||
+ | |||
+ | === .DS_Store === | ||
+ | |||
+ | * [[https:// | ||
+ | * [[http:// | ||
+ | |||
+ | The '' | ||
+ | |||
+ | You can disable OS X from creating them on remote network shares, by running this command: | ||
+ | |||
+ | < | ||
+ | defaults write com.apple.desktopservices DSDontWriteNetworkStores true | ||
+ | </ | ||
+ | |||
+ | You will then need to either log out and back in or restart the OS X computer before the changes take affect. | ||
+ | |||
+ | === .TemporaryItems === | ||
+ | |||
+ | This directory is created with permissions 3777 when a user unpacks a ZIP archive onto the network share. | ||
+ | |||
+ | |||
+ | ==== Notes ===== | ||
+ | |||
+ | == Samba == | ||
+ | |||
+ | If running Samba alongside of netatalk, the hostnames need to be different for Samba. | ||
+ | |||
+ | == Display connected users == | ||
+ | |||
+ | < | ||
+ | macusers | ||
+ | </ | ||
+ | |||
+ | === Server Information === | ||
+ | |||
+ | Run '' | ||
+ | |||
+ | < | ||
+ | AFP reply from localhost: | ||
+ | Flags: 1 Cmd: 3 ID: 57005 | ||
+ | Reply: DSIGetStatus | ||
+ | Request ID: 57005 | ||
+ | Machine type: Netatalk3.0.5 | ||
+ | AFP versions: AFP2.2, | ||
+ | UAMs: DHX2, | ||
+ | Volume Icon & Mask: Yes | ||
+ | Flags: | ||
+ | SupportsCopyFile | ||
+ | SupportsServerMessages | ||
+ | SupportsServerSignature | ||
+ | SupportsTCP/ | ||
+ | SupportsSrvrNotifications | ||
+ | SupportsOpenDirectory | ||
+ | SupportsUTF8Servername | ||
+ | SupportsUUIDs | ||
+ | SupportsExtSleep | ||
+ | SupportsSuperClient | ||
+ | Server name: nas | ||
+ | Signature: | ||
+ | 2b cb 04 4b 00 15 38 ab 75 15 fb 52 a3 23 ca 5f +..K..8.u..R.# | ||
+ | | ||
+ | Network address: 192.168.12.22 (TCP/IP address) | ||
+ | UTF8 Servername: nas | ||
+ | </ |