Articles, Linux | May 6, 2013 at 8:00 am

Using Netatalk: AFP Services on a Linux Server

Let’s face it, OS X makes a great, stable client platform, but the server components do not scale well. That is probably why most big companies rely on something else for their infrastructure, and then we, the Mac admins, spend a lot of time on the integration. For those with Linux servers, here is a quick guide on how to serve files using the AFP protocol from a Linux box. For this guide I’ll be using CentOS, the Red Hat Enterprise Linux (RHEL) rebuild.

Last year the guys from the netatalk project released the 3.0 version of their AFP server. This third version came out with support for AppleDouble metadata, removed support for AppleTalk and made the configuration process much easier. Needless to say that this version is still AFP 3.3 compliant, so your OS X clients won’t feel the difference.

Usually you would need to download the source and compile it, but for RHEL-based distros you can use the rpm I created.  You can download it here.

The package has two dependencies that we need to clear before installing.

su -c 'yum install -y perl avahi'

The avahi component is the one that offers Bonjour services, so that OS X clients on the network can discover the Linux server. Once that is done we can go ahead and install the rpm with

su -c 'rpm -ivh netatalk-devel-3.0.3-0.0.7.el6.x86_64.rpm'

We need to create a file that the installer does not create for us, but is necessary. To fix this, run:

touch /etc/afppasswd

Now let’s create a local user that the clients will connect as (LDAP-based authentication is also an option) and set a password. In this example I will be sharing the home folder of the newly created account.

useradd afpuser ; passwd afpuser

Add the new local user to the afppasswd database with

afppasswd -a afpuser

Now edit the main configuration file /etc/afp.conf with your favorite editor. A very minimal configuration to get the service running would look like this:

;
; Netatalk 3.x configuration file
;
;
[Global]
; Global server settings
;
; [Homes]
; basedir regex = /home
;
[afpuser's AFP share]
path = /home/afpuser 
valid users = afpuser

As you can see, the configuration file has two distinct sections, and for any new share you would add a new section at the bottom. Start the service and set it to start automatically on the next boot:

/etc/rc.d/init.d/netatalk start
chkconfig netatalk on

The only thing left is to open TCP port 548 in the firewall; for this you can use system-config-firewall or system-config-firewall-tui, and you are done!

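By changing the configuration file we can get some more features. For example, if we want to enable guest login to our share, the configuration file could look like the one below (the man page states that the username should be in quotes, but it should not be). Because guest account is set to afpuser, anyone connecting as guest gets that account's file permissions on the share: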

;
; Netatalk 3.x configuration file
;
[Global]
uam list = uams_guest.so uams_dhx.so uams_dhx2.so
guest account = afpuser
;
; [Homes]
; basedir regex = /home
;
[afpuser's AFP share]
path = /home/afpuser 
valid users = afpuser guest
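
To check an afp.conf for this kind of guest exposure before starting the service, here is an added example (not part of the original article or of the netatalk project). The function name audit_afp_conf and the sample text are constructed here; it assumes netatalk's default guest account is nobody and that a guest session is matched against valid users under the guest account name.

```python
import configparser

# Constructed sample input: the guest-enabled afp.conf shown above.
SAMPLE = """\
; Netatalk 3.x configuration file
[Global]
uam list = uams_guest.so uams_dhx.so uams_dhx2.so
guest account = afpuser
; [Homes]
; basedir regex = /home
[afpuser's AFP share]
path = /home/afpuser
valid users = afpuser guest
"""

def audit_afp_conf(text):
    """Return (section, finding) tuples describing guest exposure in afp.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)  # ';' lines are comments for configparser as well
    glob = next((s for s in cp.sections() if s.lower() == "global"), None)
    uams = cp.get(glob, "uam list", fallback="").split() if glob else []
    # netatalk maps guests to "nobody" unless 'guest account' overrides it
    acct = cp.get(glob, "guest account", fallback="nobody") if glob else "nobody"
    acct = acct.strip('"')
    guest_on = "uams_guest.so" in uams
    findings = []
    if guest_on:
        findings.append((glob, "guest UAM enabled: logins need no password"))
        if acct != "nobody":
            findings.append((glob, f"guest sessions run as real account '{acct}'"))
    for sec in cp.sections():
        if sec == glob or sec.lower() == "homes":
            continue
        path = cp.get(sec, "path", fallback="?")
        users = cp.get(sec, "valid users", fallback=None)
        if users is None:
            findings.append((sec, f"{path}: no 'valid users', any login may mount it"))
        # Assumption: a guest session is checked against 'valid users' under
        # the guest account name (the article also lists a literal 'guest').
        elif guest_on and {acct, "guest"} & set(users.split()):
            findings.append((sec, f"{path}: mountable without credentials"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_afp_conf(SAMPLE):
        print(f"[{section}] {finding}")
```

Run against the minimal configuration from earlier in the article, the same function returns no findings, since guest login is off and the share names its valid users.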

Any AFP share can be enabled as a Time Machine destination by just adding one extra line:

[afpuser's AFP share]
path = /home/afpuser 
valid users = afpuser
time machine = yes

The following three tips apply to the [Global] section. We can enable afpstats to see the number of active connections, along with their source, time and status, just by adding

afpstats = yes

Add a message to be displayed with every login by adding

login message = "Welcome to a Linux box"

Appear on Bonjour as an Apple machine with

mimic model = Macmini

As you can see, a basic configuration of the service is trivial. The performance and stability of this AFP fileserver make it worth considering. I have reached 77MB/s downloads from an old Dell laptop. The project has support for LDAP authentication and even variables for share names. It is a shame the variables are still not supported in file paths. For more advanced configurations check its documentation at http://netatalk.sourceforge.net/3.0/htmldocs/

Every day, Linux is more present in the Mac world.  For example, today you can have a Munki server, MunkiWebAdmin and offer pkg downloads from a Linux box while administering the server from your Mac computer using AFP.

About Noel Alonso

Ex-Apple employee currently working as MacAdmin in a university with one of the biggest Mac bases in the Middle East.
