AFP


AFP stands for Apple Filing Protocol. It is Apple's response to SMB/CIFS and allows several Macs to share files among themselves; thanks to the netatalk project, we can now share files from our Linux box too. This howto is about installing an AFP server and broadcasting it using zeroconf (also known as Bonjour and Rendezvous). I assume you have your network ready to go. This tutorial focuses on Gentoo, but it can be used to configure any distro, as long as you have the right packages.


Installing the software

For AFP to work we need 2 programs. The first one is netatalk, which is an AppleTalk implementation for Linux. Since AppleTalk is a whole different protocol from the one used in most common networks, we are going to route it inside TCP/IP; this is pretty simple and is used in most recent Macs. Next we need another program called Avahi, which takes care of broadcasting services so that compatible software can instantly know when there is an AFP-enabled computer. You are going to see your sheeva in Finder under the network systems.

Use your distro's package manager to install both programs. I used netatalk 2.0.3-r4 and avahi 0.6.24-r2. I think you can install any version that is close to these; however, there is a catch: netatalk 2.0.3-r4 has a fix for Leopard that has to be enabled, so if your distro doesn't have that version (or later) you may need to compile it from source, or google for a precompiled one.

For Gentoo users the command is a known one:

 emerge -av avahi netatalk

Don't forget to edit your USE flags to your liking. Once you are happy, install.

Setting up AFP

As mentioned above, netatalk provides more than just AFP; it has many services which may or may not be useful for you. I only need AFP, so I disabled everything else, but if you are in a Mac network you may want to enable a few more. The first step is to configure netatalk in order to disable the services we don't need. In Gentoo the config files are located in /etc/netatalk; they may not be in the same spot in other distros.

Inside the folder there are several files. The ones we care about are the following:

  • AppleVolumes.default: contains the configuration for the folders that we want to share.
  • netatalk.conf: Main config file for netatalk.
  • afpd.conf: configuration for AFP

First open netatalk.conf, make sure you read the comments, then look for the following lines and change them to this:

 ATALKD_RUN=no
 PAPD_RUN=no
 CNID_METAD_RUN=yes
 AFPD_RUN=yes
 TIMELORD_RUN=no
 A2BOOT_RUN=no

Basically I am disabling everything except AFP; you may enable more stuff if you like.

Once you do that, open afpd.conf and read the comments (pretty interesting stuff). Once you have done so, or if you are too impatient, simply add the following line at the end:

 - -noddp -tcp -uamlist uams_randnum.so,uams_dhx.so,uams_clrtxt.so -nosavepassword

I hate when people write howtos and don't explain the commands, so I am going to explain it:

  • The - at the beginning is part of the config format (AFAIK).
  • The -noddp tells AFPD to not allow AppleTalk nets; since I don't have any, I leave it like that.
  • The -tcp option tells AFPD to allow TCP tunneling, that's what we want.
  • The -uamlist stands for User Access Modules and it tells AFPD how a user can authenticate. I have no idea what each one is for, so I enabled those 3. (Some of them are needed for Leopard, so leave them like that.)
  • Finally, the -nosavepassword is to tell AFP to not allow the systems to store the password; this is optional.
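
An added example, not part of the original howto or of netatalk: a small shell check that reads the -uamlist value from an afpd.conf and flags modules that weaken authentication. It treats uams_clrtxt.so (password sent over the network in cleartext) and uams_guest.so (guest login) as weak; the function name audit_uamlist is made up here and the sample file is constructed from the line above.

```shell
#!/bin/sh
# Added example (not from netatalk): flag weak UAMs in an afpd.conf.

# audit_uamlist FILE
# Prints "WEAK: <module> (<reason>)" for each risky module named after
# -uamlist on a non-comment line. Returns 1 if any was found, else 0.
audit_uamlist() {
    conf=$1
    found=0
    # Skip comment lines, take the token after -uamlist, split on commas.
    uams=$(grep -v '^[[:space:]]*#' "$conf" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-uamlist") print $(i + 1) }' |
        tr ',' '\n')
    for uam in $uams; do
        case $uam in
            uams_clrtxt.so)
                echo "WEAK: $uam (password sent in cleartext)"; found=1 ;;
            uams_guest.so)
                echo "WEAK: $uam (guest login, no password)"; found=1 ;;
        esac
    done
    return $found
}

# Constructed sample: the afpd.conf line from this howto plus a comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# - -uamlist uams_guest.so   (commented out, must be ignored)
- -noddp -tcp -uamlist uams_randnum.so,uams_dhx.so,uams_clrtxt.so -nosavepassword
EOF
# Audit the file given as $1, or the sample when run without arguments.
audit_uamlist "${1:-$sample}" || echo "afpd.conf enables a weak UAM"
rm -f "$sample"
```

Run it against /etc/netatalk/afpd.conf after editing; a non-zero exit status means at least one flagged module is still enabled.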

The final file we have to edit is AppleVolumes.default. Open it and, as usual, read the comments. Here is my config file:

 ~
 /mnt/usb/files allow:@users
 /mnt/millie allow:@users

Let's review it:

  • The ~ tells AFP to share home dirs.
  • In the second line I am sharing the folder /mnt/usb/files, which is a small storage I use for random files. The allow:@users is simply to allow anybody from the group users to use the share; you may customize this list with more options for extra security.
  • The third line is another share, similar to the previous one.

Now start the service. Gentoo users may want to try:

 /etc/init.d/atalk start
 rc-update add atalk default

For other distros, check your init scripts!

Once the service is up and running, check for any error, and then you can connect from your Mac using: afp://your-sheevaplug-ip

Telling others we are here

Now it's time to tell other Macs that they can connect here, so let's configure avahi. In Gentoo the config files are at /etc/avahi. The files we care about are:

  • avahi-daemon.conf: main config file
  • The services folder

Fortunately for us, avahi comes preconfigured and working out of the box, but you may want to edit avahi-daemon.conf for any extra thing. I just changed use-ipv6 to no, because I don't need it.

Then go to the folder named services. Each of the files there tells avahi to broadcast a specific service. We need to add one for AFP, so let's create a new file; name it whatever you want, just make sure it ends with ".service". I named mine afpd.service.

This may be boring, so just copy and paste this:

 <?xml version="1.0" standalone='no'?>
 <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
 <service-group>
 <name replace-wildcards="yes">%h</name>
 
 <service>
 <type>_afpovertcp._tcp</type>
 <port>548</port>
 </service>
 
 </service-group>

Basically we tell avahi to broadcast the service known as "%h" to the world. In case you wonder, %h means hostname, so the share will be named after your sheevaplug. The rest is simply to tell the type of service and the port, no big deal.

You may want to add more stuff while you are here. As a bonus, here is how to broadcast SMB shares:

 <?xml version="1.0" standalone='no'?>
 <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
 <service-group>
   <name replace-wildcards="yes">%h Samba</name>
   <service>
       <type>_smb._tcp</type>
       <port>139</port>
   </service>
 </service-group>

Same stuff as previous file, just save it to the services folder.

Once you are done with the service files, start avahi:

 /etc/init.d/avahi-daemon start
 rc-update add avahi-daemon default

And the share should appear in Finder now.

You are finished now. You can sit back and enjoy your files from anywhere. So far, using a 100 mbps cabled network, I've had about 80 mbps of sustained throughput, very similar to AFP. You may want to read the following sections to learn about problems you may find and their solutions (where they exist).

Disk permissions

This is a tricky part. Once you have set up your shares you may want to access them with non-root users. This is possible by setting the allowed users in AppleVolumes.default, but you also need to set certain permissions on your folders. AFP supports UNIX-type permissions, so you have to make sure that the user has read and write permission on the folder. One way to do this is by setting it to 777; however, that is unsafe and not really recommended. What I did is the following: first I changed the files' group to 'users' and set the permissions to 775, which gives the group's members full control over the files. You can change the permissions by issuing:

 chgrp -R users /path/to/share
 chmod -R 775 /path/to/share

Quirks and problems

There is a bit of a catch with AFP: once you create a file remotely, the owner is set to the user that you used to log in to AFP. This is OK if you are the only user, but if you are sharing with other people it can be troublesome. If you are using Tiger you can set the setgid bit on the parent folder, and every permission will be inherited; however, in Leopard there is a weird bug that prevents this from working. In order to fix this you are going to need the latest version of netatalk (2.0.4 at the time of writing), and inside AppleVolumes.default you can set a force group option. I haven't tested this fix, but it's the recommended fix from the netatalk mailing list.
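
An added example, not from the original howto: a shell audit of a share tree for the permission problems discussed in the two sections above, namely world-writable entries left behind by a 777, entries outside the shared group, and directories without the setgid bit. The function name audit_share and its report labels are made up for this example, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example (not from the howto): audit an AFP share's permissions.

# audit_share DIR GROUP
# Prints one line per finding:
#   WORLD-WRITABLE  any local account can modify the entry (e.g. after 777)
#   WRONG-GROUP     entry is not owned by GROUP, so "allow:@GROUP" users
#                   may be blocked by the UNIX permissions
#   NO-SETGID-DIR   new files in this directory will not inherit GROUP
# Symlinks are skipped: on Linux their own mode is always 777.
audit_share() {
    dir=$1
    group=$2
    find "$dir" ! -type l -perm -0002 -print | sed 's/^/WORLD-WRITABLE: /'
    find "$dir" ! -type l ! -group "$group" -print | sed 's/^/WRONG-GROUP: /'
    find "$dir" -type d ! -perm -2000 -print | sed 's/^/NO-SETGID-DIR: /'
}

# Usage: sh audit_share.sh /path/to/share users
if [ $# -eq 2 ]; then
    audit_share "$1" "$2"
else
    # Constructed demo tree, used when no arguments are given.
    demo=$(mktemp -d)
    mkdir "$demo/docs"
    touch "$demo/docs/a.txt"
    chmod -R 777 "$demo"            # the unsafe shortcut
    audit_share "$demo" "$(id -g)"
    rm -rf "$demo"
fi
```

Note that chmod -R 775 also sets the execute bit on every regular file in the share; the audit reports nothing for that, so check it separately if it matters to you.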

Another problem you may find is if you are sharing a Mac drive with other Macs: for some reason hfsplus forgets to delete files when they are deleted from AFP, and you'll have to repair your drive using Disk Utility. This has happened to me a couple of times and I am not sure if there is a workaround (maybe stop using hfsplus).

Another problem you may find is when trying to use a bundle from a networked drive. A bundle may be a sparsebundle, an application or an installer; they will appear as regular files over the AFP share. Simply open a program that allows you to change the attributes (Finder AFAIK doesn't work with this) and enable the bundle bit. I used pathfinder to change it.
