nbalonso.com

AFP Shares From Linux


EDIT: There is a newer version of the package here

Posted originally @ afp548

Let’s face it, OS X makes a great, stable client platform, but the server components do not scale well. That is probably why most big companies rely on some other component for the infrastructure, and then we, the Mac admins, spend a lot of time on the integration. For those with Linux servers, here is a quick guide on how to serve files using the AFP protocol from a Linux box. For this guide I’ll be using the RHEL rebuild CentOS.

Last year the guys from the netatalk project released version 3.0 of their AFP server. This third version came out with support for AppleDouble metadata, removed support for AppleTalk and made the configuration process much easier. Needless to say, this version is still AFP 3.3 compliant, so your OS X clients won’t feel the difference.

Usually you’d need to download the source and compile it, but for RHEL-based distros you can use the rpm I created: netatalk-3.0.3-0.0.7.el6.x86_64.rpm

The package has two dependencies that we need to clear before installing.

bash-3.2$ su -c 'yum install -y perl avahi'

The avahi component is the one offering Bonjour services so that OS X clients on the network can identify the Linux server. Once that is done we can go ahead and install the rpm with

bash-3.2$ su -c 'rpm -ivh netatalk-3.0.3-0.0.7.el6.x86_64.rpm'

Currently the installer fails to create one necessary empty file. To fix this we run

touch /etc/afppasswd

Now let’s create a local user that the clients will connect as (LDAP-based authentication is also an option) and set a password. In this example I will be sharing the home folder of the newly created account.

bash-3.2$ useradd afpuser ; passwd afpuser

Add the new local user to the afppasswd database with

afppasswd -a afpuser

Now edit the main configuration file /etc/afp.conf with your favorite editor. A very minimal configuration to have the service running would be

;
; Netatalk 3.x configuration file
;
;
[Global]
; Global server settings
;
; [Homes]
; basedir regex = /home
;
[afpuser's AFP share]
path = /home/afpuser
valid users = afpuser

bash-3.2$ su -c '/etc/rc.d/init.d/netatalk start'
bash-3.2$ su -c 'chkconfig netatalk on'

The only thing left is to open port 548. For this you can use system-config-firewall or system-config-firewall-tui, and you are done!

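Changing the configuration file gives us some more features. For example, we can enable guest login to our share; guest sessions then run as the user named in guest account, so here any client that can reach the server gets afpuser's access to the share without a password. The configuration file could look like this (the man page states that the username should be in quotes, but it should not be):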

;
; Netatalk 3.x configuration file
;
[Global]
uam list = uams_guest.so uams_dhx.so uams_dhx2.so
guest account = afpuser
;
; [Homes]
; basedir regex = /home
;
[afpuser's AFP share]
path = /home/afpuser
valid users = afpuser guest
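
A quick check of an afp.conf for the guest exposure in the configuration above, as an added example (not from the original post or the netatalk project). The function name audit_afp_conf and the embedded sample configs are constructed for illustration, and the way guests are matched against valid users is an assumption noted in the code.

```python
import configparser

# Constructed samples: the guest-enabled and the minimal config from this post.
GUEST_CONF = """\
;
; Netatalk 3.x configuration file
;
[Global]
uam list = uams_guest.so uams_dhx.so uams_dhx2.so
guest account = afpuser
[afpuser's AFP share]
path = /home/afpuser
valid users = afpuser guest
"""
MINIMAL_CONF = """\
[Global]
[afpuser's AFP share]
path = /home/afpuser
valid users = afpuser
"""

def audit_afp_conf(text):
    """Return (section, reason) findings for shares reachable without a password."""
    cp = configparser.ConfigParser(interpolation=None)  # ';' lines are comments
    cp.read_string(text)
    glob = cp["Global"] if cp.has_section("Global") else {}
    uams = glob.get("uam list", "").split()
    if "uams_guest.so" not in uams:
        return []  # guest UAM not loaded: every login needs credentials
    # netatalk's documented default guest account is "nobody"
    guest = glob.get("guest account", "nobody").strip('"')
    findings = []
    if guest != "nobody":
        findings.append(("Global", f"guests run as real account '{guest}'"))
    for name in cp.sections():
        if name in ("Global", "Homes"):
            continue
        allowed = cp[name].get("valid users", "").split()
        # Assumption: a guest session is matched against 'valid users'
        # under the guest account's name; an empty list allows everyone.
        if not allowed or guest in allowed:
            path = cp[name].get("path", "?")
            findings.append((name, f"guest access to {path} as '{guest}'"))
    return findings

if __name__ == "__main__":
    for share, reason in audit_afp_conf(GUEST_CONF):
        print(f"[{share}] {reason}")
```
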

Any AFP share can be enabled as a Time Machine destination by adding just one extra line

[afpuser's AFP share]
path = /home/afpuser
valid users = afpuser
time machine = yes

The following three tips apply to the [Global] section. We can enable afpstats to see the number of active connections, their source, time and status just by adding

afpstats = yes

Add a message to be displayed with every login by adding

login message = "Welcome to a Linux box"

Appear on Bonjour as an Apple machine with

mimic model = Macmini

As you have seen, a basic configuration of the service is trivial. The performance and stability of this AFP fileserver make it worth considering. I have reached 77MB/s downloads from an old Dell laptop. The project has support for LDAP authentication and even variables for share names. It is a shame the variables are still not supported in file paths. For more advanced configurations check its documentation at http://netatalk.sourceforge.net/3.0/htmldocs/

Every day Linux is more present in the Mac world. Today you can, for example, have a Munki server and MunkiWebAdmin and offer pkg downloads from a Linux box, while administering the server from your Mac computer using AFP.
